Because the integrity and objectivity of information are vital to the quality of audit outcomes, records and information management professionals have an important role to play in the audit process.
This article proposes that incorporating the records and information management (RIM) function and Generally Accepted Recordkeeping Principles[R] (the Principles) into the financial statement audit process will enhance audit integrity and objectivity, increasing the quality of audit outcomes. Therefore, as RIM professionals define and refine the business case for RIM, their potential role in the external audit process should be included.
Internal vs. External Audits
In their November/December 2011 Information Management article, "Dodd-Frank Act Puts Focus on Information Governance," Fred Pulzello and Sonali Bhavsar described the Principles as "an important consideration in today's volatile financial market because they help organizations evaluate their current risk state specific to records, disclosures, compliance, and supervision rules, as well as provide a roadmap to mitigate the risk." They also note that the Principles can be used to satisfy the requirements of the Dodd-Frank Act (Pub. L. 111-203), the Securities and Exchange Commission (SEC), the Commodity Futures Trading Commission, and the Federal Reserve, as well as other organizations.
Joanne Frampton, in her March/April 2012 Information Management article, "GARP[R]: A Tool to Drive Internal Auditing," reported, "When RIM is incorporated into the corporate governance and risk management framework and integrated into the internal audit regime, the [Principles] methodology can underpin and drive the entire audit process." She commented that the Principles have "provided the necessary framework and vocabulary to communicate to executives the importance of RIM."
Although Frampton addressed RIM and the Principles in the internal audit regime, to date the role that RIM and the Principles can fulfill in the external audit process has not been posited.
The External Audit Framework
External audits of financial statements prepared in the United States are performed according to Generally Accepted Auditing Standards (GAAS).
For companies not registered with the SEC, GAAS are established by the Audit Standards Board (ASB) of the American Institute of Certified Public Accountants (AICPA). For companies registered with the SEC, GAAS are established by the Public Company Accounting Oversight Board.
The ASB began working on a redrafting and recodification of its U.S. GAAS in 2004, in what is called the Clarity Project. According to the "Clarity Project: Questions and Answers" on the AICPA website, only AU section 322, "The Auditor's Consideration of the Internal Audit Function," remains to be addressed, and it is expected to be released in late 2013 or early 2014.
One result of the ASB's Clarity Project is Statement on Auditing Standards (SAS) No. 122, "Clarification and Recodification," which is effective for audits of financial statements for periods ending on or after December 15, 2012.
The preface of SAS 122 identifies principles that underlie an audit conducted in accordance with GAAS. These principles fall into four categories:
Purpose of an audit and premise upon which an audit is conducted
The order of the principles highlights the sequence in which an audit is conducted. Each stage of an audit builds upon the work of the prior stages. If specification of the purpose and premise of the audit lacks quality, the remainder of the audit, at a minimum, will lack the same quality.
The first auditing principle, purpose of an audit and premise upon which an audit is conducted, specifically addresses the...