Audit of a Small Organization

default hero image

This article is written by the Chartered Professional Accounting firm of Edelkoort | Smethurst | Schein as our way of explaining the approach our firm takes in completing a financial statement audit for a small Not For Profit organization, or a small commercial business. Audits are required for all NFP receiving government funding, and for a variety of other reasons. Small commercial businesses also require audits in specific situations. Every couple of years the board of directors of these entities obtain proposals from auditors – to ensure audit fees are competitive and maintain overall auditor independence in the eyes of its stakeholders. If you are in this situation, our firm of licensed public accountants (LPA) would appreciate the opportunity to discuss how we can assist. Meantime, please read on to get a flavour for our approach and services.

Preface – please note – we are a public accounting firm located in Burlington, Ontario, Canada, and this article is based on regulations in Canada, which may not be applicable to your situation if you are a reader outside of Canada.

Our Firm’s approach to an audit of course follows the rules and regulations prescribed by CPA Canada – Canadian Audit Standards (CASs), and the purpose of this article is not to do a deep dive on the technical requirements of our professional auditing standards. Instead, in plain language that hopefully everyone can understand, our approach can be summarized as follows:

Audit planning – whether you are a new or existing client, we meet with you to gain an understanding of your organization. This would include the business or mandate, size and complexity, revenues, expenses etc. This is important – our firm needs to ensure that we have sufficient expertise, experience and resources on board to complete the audit, and to do so in the time frame required.

Independence and provision of advisory services – one of the key aspects of all audits, is that the auditor maintains independence from the organization being audited. This can often come into play if a small organization lacks accounting and tax expertise and needs support from an external accounting firms. An audit firm can provide support services to a small entity (as long as it is not a publicly listed entity), but must ensure that there are safeguards in place so to ensure that the auditor is not auditing their own work, so to speak. This is known as a self-review threat, and can be managed by the auditor to allow for the firm to maintain independence. Our firm would bring in other accountants not involved with the audit, to assist with the required accounting journal entries (all of which of course would be approved by management). Our firm would keep this top of mind, so that we fulfill our audit independence mandate, while assisting where required.

Risk Assessment – largely transparent to the audit client, this is an internal review that our firm must conduct to ensure that our firm and the audit client are mutually aligned. In other words, whether or not our firm has the required industry knowledge, experience and resources to properly support you, the client.

Materiality – The prime objective of an audit is to obtain reasonable assurance that there are no material misstatements in the financial statements. The technical jargon based on CPA Canada audit standards is as follows;

A misstatement or the aggregate of all misstatements in financial statements is considered to be material if, in the light of surrounding circumstances, it is probable that the decision   of a person who is relying on the financial statements, and who has a reasonable knowledge of business and economic activities (the user/stakeholder), will be changed or influenced by such misstatement or the aggregate of all misstatements.

Basically this means that ‘size matters’ in terms of the any errors that the organization makes when preparing their financial statements. In other words, all of the errors noted by auditors, when added up, will be compared to a predetermined $ threshold. It the errors are below the threshold, then there is no material misstatement. Management needs to be mindful to employ sound financial reporting controls and procedures, to ensure that they do not contain material misstatements. Our firm will need to scope this out as part of the audit planning process.

Internal Control – CPA Canada audit regulations require that the auditor obtain an understanding of the entity and its environment, including internal control, sufficient to identify and assess the risks of material misstatement of the financial statements whether due to fraud or error, and sufficient to design and perform further audit procedures. In plain terms, every organization should have checks and balances (internal controls) in place to make sure that transactions such as payments to suppliers and staff, and invoices to clients are recorded accurately, timely, and have been properly approved in advance by management of the organization. These transactions all end up being reported on the financial statements, so the genesis of all of this is the underlying internal controls. Our firm will need to discuss and review these controls, to make sure they are designed properly, and operating effectively. This in turn will have an impact on the time needed to review audit samples.

Information Technology – small organization use of information technology has become commonplace, particularly as IT capabilities have increased while at the same time costs have decreased. This presents new challenges for auditors — they need to understand these systems and deal with the control and audit issues they present. Some of the more common issues pertain to General IT controls, and IT Application controls.

General controls – pertain to system development. Small organizations rarely develop their own internal systems, but instead purchase and operate software packages. The entity should have controls in place to properly evaluate software, implement, and operate. And, make sure it is meeting the needs of the users, and the budget. General controls also involve restricting access to the computers and server.

Application controls – pertain to system access. This usually involves ensuring that only authorized personnel have access to various systems. For instance, Payroll personnel should only have access to the Payroll records. Our firm would need to review the systems in place to make sure that the information processed is once again accurate, timely and approved

Obtaining Audit Evidence – is the heart of an audit, and audit procedures require that sufficient and appropriate audit evidence be obtained to support the audit opinion. All audit planning is directed towards one goal — to complete an audit that meets the standards of the accounting profession and meets the expectations of the client within a time frame that enables affordable fees for the client, while at the same time compensates the audit firm for their time and expertise. Our firm will gather audit evidence in 2 main areas; testing the effectiveness of internal controls and sampling of transactions/records (known as substantive testing). An interesting cause and effect – the stronger the internal controls are the less substantive testing there is – so it always behooves an organization to beef up their controls.

Documentation – is the process of recording, assembling and organizing the evidence supporting financial statement balances. In addition to supporting the audit work, documentation assists in the review of the audit and helps with the planning the next year’s audit. Furthermore, CPA Rules of Professional Conduct require this audit documentation – not only to justify the audit opinion, but also to defend against possible legal actions.

As part of the audit process, our firm will follow the regulations, and ensure sufficient back up material supports our conclusions. It is something we as auditors must do. However, suffice to say our firm needs to maintain this documentation, and we think our clients should know this and be confident in our internal procedures in this regard.

Audit Report – this is the end result, the ‘finished product’ of the audit. The audit report will provide an ‘audit opinion’ as to whether or not the financial statements are presented fairly in accordance with accounting standards. The audit opinion is not a guarantee – after all, the work was based on sampling and not on reviewing all transactions. Another key point is that the financial statements are the responsibility of management, whereas our firm’s responsibility is that of independent auditor.


An audit report is the highest level of assurance that is available for users of financial statements. If your organization requires audited financial statements, our firm would be pleased to discuss how we can support you. Our firm is committed to using our broad depth of expertise, experience and resources to fulfill our obligations to our audit clients, to the satisfaction of all stakeholders. Please contact us to discuss – we would be pleased to hear from you.