321
CHAPTER 13
A Strategic Systems Approach to the Financial Audit
LEARNING OBJECTIVES
Review Checkpoints / Cases1. Describe the concept of business risk. / 1 / Sleeman Breweries Ltd. comprehensive case
2. Discussion how the PA gains his/her understanding of business risk through strategic analysis and business process analysis. / 2, 3 / Sleeman Breweries Ltd. comprehensive case
3. Describe the types of risk assessment and reduction procedures carried out by an SSA auditor. / 4 / Sleeman Breweries Ltd. comprehensive case
4. Explain how the PA links business risk to audit risk and the nature of the audit evidence acquired. / 5, 6, 7 / Sleeman Breweries Ltd. comprehensive case
5. Relate analysis of business performance to the financial statements. / 8, 9, 10, 11, 12 / Sleeman Breweries Ltd. comprehensive case
6. Describe how a SSA audit complies with GAAS (generally accepted auditing standards). / 7
POWERPOINT SLIDES
PowerPoint slides are included on the website. Please take special note of:
321
* Initial Risk Assessment
* Reassessed Risk Assessment
SOLUTIONS FOR REVIEW CHECKPOINTS
13. 1 Business risk is the client risk that the client will be unable to achieve its business objectives or execute its strategies. An example of a business that has recently (2000) affected the airline industry in Canada is the controversial merger between Air Canada and Canadian Airlines. There have been widely perceived and reported declines in customer services immediately after the merger. This has created new business risks for Air Canada in the form of tightened regulations on liabilities to passengers for losses from delays or cancellations of seat space, and threatened legislation to lessen the restrictions on charter, regional, and even foreign airlines so as to increase competition on the most lucrative routes.
13.2 The two parts of business analysis are strategic analysis and business process analysis. The goal is to learn about the client’s analysis of the risks its business faces, in particular, whether the analysis identifies all material business risks.
13.3 This is part of the business analysis discussed in 13.2. Senior client management is the chief source of information about the client’s business strategy. Auditor’s knowledge of the business (e.g., from previous audits of clients in the same or similar industries) is the key to understanding the risks associated with a particular client’s business strategy. Common risks associated with a client’s strategy are risks of cost leadership, risks of differentiation, and risks of focus. These are discussed in the chapter appendix.
13.4 The purpose of business process analysis is to identify the system to assure adherence to the business strategy. The auditor must understand the process and identify key sub-processes to examine in detail these key sub-processes, inherent business risk associated with the sub-process, and the control environment associated with the sub-process. The information the auditor seeks to learn about a target business process are the following: process objectives (i.e., role in achieving the entity’s business objectives), process activities, classes of accounting transactions and cycles employed, process risks, and process controls.
13.5 The five ways that business risks can be managed are the following: 1. accepting that some calculated risks are part of the inevitable costs of being in business (e.g., accepting the risks of potential environmental liabilities) 2. avoidance of some risky activities (e.g., dealing with some financial instruments that management finds difficult to understand) 3. risks that can be controlled via internal controls 4. risks that are ignored due to cost/benefit considerations and 5. risk transference to a 3rd party (e.g., insurance).
Business risks are analyzed to estimate their magnitude and likelihood. When considered together there two assessments determine whether a risk is low, medium, or high (see Exhibit 13-3).
13.6 Most business risks are supposed to be managed through well designed business processes although some fall into the ignored category. The auditor tests controls over the efficient and effective functioning of key business processes to get assurance that the relevant business risks are well managed.
13.7 No, SSA auditors focus on testing higher level controls represented by the key business processes. These traditionally have been referred to as management controls. This is perhaps the most controversial feature of SSA audits.
13.8 Business risk needs to be considered in assessing audit risk. Audit risks relate to accurate reporting on business risks, thus, the higher the business risks the greater the need to report them accurately. As a consequence, the general relationship is that the higher the client’s business risk the lower the planned audit risk needs to be.
Residual risks are those that are not moved to the “low” category after evaluating the effects of management controls. Residual risks are used to assess inherent risks for specific accounting cycles or transactions.
13.9 The three components of business performance analysis are: 1. financial performance measures 2. nonfinancial performance measures and 3. the interrelationship among the two. The purpose of business performance analysis is to determine if the financial statements accurately reflect the SSA auditor’s analysis of business performance (e.g., if economic substance rather than legal form is captured by the financial statements).
13.10 Procedures used in financial performance analysis include but are not limited to: analysis of key financial statement ratios, examining trends of such ratios over time, review of significant accounting policies (see Exhibit 13-6), developing a balanced scorecard (see Exhibit 13-8), and analyzing the consistency of financial and nonfinancial performance measures. Additional substantive procedures would be carried out whenever there are major discrepancies in any of the above. For example, major inconsistencies between financial and nonfinancial measures of performance, inadequate management justification of unusual or questionable accounting policies, and ratios out of line with industry trends could trigger additional substantive work.
13.11 Nonfinancial performance analysis includes, but is not limited to, a “balanced scorecard” (see Exhibit 13-8), research and development activities, investment in high technology and productivity improvement, as well as a variety of other possible measures of economy efficiency and effectiveness (see VFM concept form public sector auditing as discussed in chapter 18).
Emphasis on consistency follows from the logical fact that multiple independent, corroborating sources of evidence helps strengthen the case for a relevant assertion.
13.12 The focus is on looking for discrepancies, which may indicate undetected risks, and thus help direct audit substantive testing to better assess and disclose there risks in the financial statements.
13.13 Group Project
The purpose of the group assignment is to consider the Enron collapse and audit failure from a practical audit perspective. In particular, hindsight suggests Enron’s financial reports were very far from its underlying business strategy, processes and risks. This makes it an interesting case in which to consider the advantages of using strategic systems approach as a ‘what if’ exercise.
The case requires one to research the financial reports issued by Enron, its Management Discussion and Analysis and other relevant information so as to learn about Enron’s reported financial information and its actual operations (Note that much of this information was published after the fact as so is now available for research purposes, though it may not have been as readily available to Enron’s auditors at the time of their audit work).
The approach to the case will involve understanding the SSA approach and describing it in the context of the Enron facts as gleaned from the research. An assessment of how SSA could be applied in this situation can support an evaluation of the strengths and weaknesses of this approach, and a conclusion on its likely effectiveness in this case scenario. Finally, the analysis and conclusions can generate forward looking recommendations for applying SSA more generally in financial statement audits in various businesses.
CH. 13 CASE: SLEEMAN BREWERIES LTD.
Suggested Approach
Background: Sleeman Breweries Ltd. is a uniquely positioned player in Canada’s brewing industry as the largest craft brewer in the country. As the third largest brewer in Canada it follows a strategy very different from the largest two breweries (Molson and Labatts) by concentrating on producing premier quality craft beer and ale. Sleeman’s size, however, is significantly larger than the other craft brewers in Canada. Sleeman has adopted a strategy of growth through acquisition of existing craft breweries in Canada as well as introducing new craft beers with significant market potential. Sleeman also has an opportunity to add a low price product through an alliance with Pabst Brewing.
Case Learning Objectives: Students completing this case will:
Become familiar with fundamental strategic analyses for a smaller player in a mature industry.
Identify key business processes for that company.
Begin to understand the link between strategic and business process analyses, and the financial statements with related audit implications.
Level of Use: You can use this case in undergraduate and graduate auditing courses.
Time to Complete: For best results, students will need at least two hours to prepare, assuming they possess basic knowledge of strategic management and have been introduced to the strategic-systems auditing approach (as outlined in Chapter 13 and the Appendix to Chapter 4). Learning opportunities can occur even when students have not been exposed to strategic management concepts, provided the elementary strategic analysis framework implicit in the discussion questions is followed. Class discussion is best conducted in one 50-80 minute class.
The purpose of Sleeman Breweries Ltd. case is to introduce the student to the basic approaches employed in a strategic systems approach to auditing. The student is required to develop a deep understanding of the business (via questions 1 – 6) and apply his/her analysis to begin to link this knowledge to the financial statements and the related audit implications (questions 7 and 8). Instructors who want to follow-up on this material in more detail are directed to the KPMG-UIUC web site at http://www.cba.uiuc.edu/kpmg-uiuc/index.html where he/she will find several additional cases on strategic systems approach to auditing (including a Canadian case Loblaw Inc., authored by one of the same authors as the Sleeman’s case) and the complete text of an early monograph on the subject of the strategic systems approach to auditing as carried out in one of the Big Five firms, KPMG.
OVERVIEW AND APPROACH ALTERNATIVES
You can approach the case in three ways:
1. If your students have sufficient knowledge of strategy, you can ask them to analyze the brewing industry using the PEST analysis and the Porter framework (see Appendix to Chapter 4), as well as Sleeman’s strategic positioning (see Appendix to Chapter 13) within the brewing industry.
2. You can facilitate discussion of each of the suggested questions in turn.
3. You can ask students to examine the financial statements of Sleeman and suggest which accounts have the highest strategic risk associated with them.
The third option usually generates considerable energy, but you need to be ready to challenge students to justify their position. Although students like the third option, it can require more time and result in a loss of focus relative to the other two as students default back to the traditional approaches to auditing. Regardless of your approach, the case objectives will be furthered only if students grasp (a)
the nature of the brewing industry, (b) Sleeman’s strategic positioning within the industry, and (c) any looming threats.
When used in a graduate auditing course, we conclude by asking students about what they would do next if they were part of the Sleeman’s audit team. You could say something like, “Now that you understand the industry and the threats to Sleeman, how should this knowledge impact the nature and extent of additional audit procedures?” Also, you can ask students to think about whether the knowledge obtained thus far constitutes assurance (any amount of assurance, not necessarily just total “reasonable assurance”) by leading an open discussion centered on the following questions. “Does this knowledge have the potential to impact the auditor’s expectations of financial-statement amounts or ratios developed from such amounts?” “Has the auditor begun to develop a mental model of the entity, how it operates, and how it generates cash flow?” “Does ‘knowing’ how well Sleeman is controlling certain business risks increase the assurance obtained by the auditor that the business is being well-controlled?” “Does ‘knowing’ that the business is being well-controlled lessen audit risk?” “If, through the strategic analysis, the auditor comes to know something about how and why the current strategy is working for Sleeman, has he or she obtained some assurance?” “What are possible implications for audit risk if the auditor does not perform a strategic analysis?” Etc.
Discussion questions
1. What are Sleeman’s key business objectives? Why are these objectives being pursued?
Sleeman is a growth-oriented company that produces premium craft beer and ale. They want to be seen as the case states “the first alternative to traditional beer and ale consumption.” As Sleeman is a publicly traded company (listed on the Toronto Stock Exchange) their management is subject to the normal pressures of a public company to show income growth thus no doubt accounting for the growth objective.
2. What is Sleeman’s strategy for achieving its objectives? What are the key factors that have shaped the current degree of success or failure of this strategy? Does Sleeman’s strategy appear to be working?
Sleeman has adopted what Porter would call a focus strategy (see Appendix to Chapter 13) in that they do not compete with the mass market breweries like Molson and Labatts. Instead, Sleeman focuses on producing low volume premium products with a distinctive taste associated with a craft brewery. This premium craft beer also has a very distinctive market demographic associated with it: beer drinkers with higher disposable income who are willing to pay more for a premium product. Sleeman’s execution of this focus strategy has two parts:
1. to develop in-house new craft beers (e.g. Honey Brown Lager);
2. to add new regional craft beers to its product line via merger and acquisition of existing craft breweries.
The key factors that appear to have shaped the success of the first part of this strategy are the development of new craft beers combined with careful market testing of proposed new products. The key factors that appear to have shaped the success of the second part of this strategy is the successful identification of potential acquisitions, successful negotiation of mergers/acquisitions, and the ability to integrate the newly acquired entities into the Sleeman’s control system (described in the case section Sleeman’s Strategy).