Audited financial statements are one of the most important documents you can use to support effective third-party due diligence. As the old adage says, “the numbers don’t lie.”
However, analyzing a vendor’s financial statements isn’t as simple as looking at a few key ratios and calling it a day. It’s part art and part science.
While audited financial statements do follow a common framework (the science), every company has a different financial story, so you have to know how to spot the problem areas when reading them (the art).
To help you effectively analyze financial statements of your third-party vendors, in this blog I break down:
- The three main sections in a set of audited financial statements
- Red flags to look for when reviewing them
- Determining which vendors should be providing you financial statements
- What to do when your vendor doesn’t have an audit
Main Sections in Audited Financial Statements
Audited financial statements are financial reports that have been evaluated by an independent auditor. They are important as they provide credibility and assurance to stakeholders, such as customers, investors, lenders, and regulators, regarding the accuracy and reliability of the financial information.
While financial statement nomenclature is oftentimes different across industries, there are three main sections to every set of audited financial statements.
Auditor’s Report – The auditor’s report is a written statement from the auditor that provides their independent opinion on the completeness, accuracy and reliability of a company’s financial statements. It is the only section of the audited financial statements that is actually ‘owned’ by the auditor.
Financial Statements – The financial statements paint the quantitative picture of how the company is doing financially. There are three, core financial statements: a balance sheet, an income statement and a statement of cash flows.
Notes to the Financial Statement – The footnotes to the financial statements provide more of a qualitative picture about the company through supplemental disclosures and details. These can include disclosures related to long-term commitments, pending litigation, concentrations of risk and affiliated entities. There is a lot of information you can glean from the notes section.
Red Flags to Look for When Reviewing Financial Statements of a Third-Party Vendor
Every set of financial statements tells a different story. A ‘bad’ number on one company’s balance sheet may actually be ‘normal’ for a different company in a different industry. However, there are some common red flags I always look for when reviewing financial statements – regardless of the industry.
Red Flag #1: Modifications to the Auditor’s Report
I always start with the auditor’s report (i.e. the auditor’s opinion.). What I look for is whether the company has a ‘clean’ audit opinion. A clean opinion means the independent auditor has concluded the company’s financial statements are presented fairly in all material respects.
Sometimes, auditors will ‘modify’ their opinion. An example might be when the auditor disagrees with management about certain aspects of the financial statements. Another example includes cases where the auditor was not able to carry out enough work, or gather all of the evidence they needed, to give an opinion on the financial statements.
A modification to the auditor’s opinion is a red flag that you should always investigate further.
Red Flag #2: Problems with Profitability
Vendors need to be profitable to stay in business for the long term. When analyzing a vendor’s profitability, I like to focus on net profit trends. Specifically, profitability trends over the most recently completed three years. Consistent losses or declining profitability are generally a signal of a problem.
In addition to analyzing trends in net profit, it’s helpful to analyze profitability ratios such as profit margin and return on assets. A declining profitability ratio can be a red flag signaling that a company’s costs are rising faster than their revenues, or that a company is losing market share.
Red Flag #3: Problems with Cash
Being profitable is important, but cash is always king! When analyzing a vendor’s cash liquidity, it’s important to analyze their ability to pay liabilities in the near term as well as remain solvent for the long term.
A good way to evaluate a vendor’s ability to cover its near term liabilities is through liquidity ratios. The three key ratios to help with analysis are the current ratio, quick ratio and cash ratio. What you’re assessing here is the vendor’s ability to pay what it owes and keep the lights on in the near-term. A liquidity ratio that trends lower over time is a red flag the company may be running out of cash.
When evaluating the ability to stay in business for the long-term, solvency ratios are some of the best tools to use. They help you understand how a company uses debt to fund its operations and whether their debt is growing to a point where it will strain the company’s ability to pay it back. A solvency ratio that is trending higher over time may be a red flag that the company is adding too much debt.
Red Flag #4: Over Reliance on One or Two Key Customers
Lastly, when a company relies on one or two customers for a significant portion of its revenue it presents a major business continuity risk. I’ve seen companies close the door within days of losing a key customer, so you should understand whether this is an issue with your key vendors.
This information is best found in the notes to the audited financial statements. The auditor will disclose when a business has concentration risks, including those associated with over reliance on certain customers. Be sure to read the notes to determine if this is a red flag to investigate further.
Do you need audited financial statements from all of your vendors?
The short answer is, no.
In fact, you shouldn’t be spending time reviewing financials for most of your vendors. What you really need to be concerned with is the financial health of your critical vendors. That is, those who provide key services, infrastructure and technologies, including outsourced services, that you rely on for the execution of your own critical business functions.
You may, of course, have other high risk vendors whose financial statements you want to review. That’s always ok. But many organizations don’t have the resources or capacity to review financials from every third party – so focus first on those key relationships that really matter then add others as time permits.
What if your third-party vendor doesn’t have an audit?
While audited financial statements are the gold standard, many small, privately held companies don’t have audits. So what do you do?
Ask the vendor to provide unaudited financial statements instead. These can come in one of three formats, listed from least to most preferred.
Internally Prepared Financial Statements – These financial statements have been prepared by the vendor, with no involvement by an independent CPA.
Compiled Financial Statements – These financial statements are prepared in coordination with a CPA; however, the CPA did not analyze any of the numbers and does not provide any assurance on the accuracy. It’s implied, though, that the CPA assisted in some way with the creation of the financials.
Reviewed Financial Statements – These financial statements are prepared in coordination with a CPA and the CPA provides a limited amount of assurance on the statements. Unlike a compilation, the CPA does perform limited analysis and testing of information presented. However, it is significantly less analysis and testing than performed in an audit.
Just know that the further away you get from audited financial statements, the less reliable the numbers become. That’s why it’s crucial to have a subject matter expert on your team be responsible for reviewing the information.
Lastly, there are a variety of data intelligence solutions in the marketplace that can help with your review of a vendor’s financial statements. These solutions include risk intelligence on things like credit, timely payments, bankruptcies, lawsuits and general negative news. They are a good source to supplement a financial statement review or to use in lieu of a financial statement for lower risk vendor due diligence.
Don’t get caught by surprise. Make sure to incorporate financial statement reviews into your third-party due diligence process.