Audited financial statements are one of the most important documents you can use to support effective third-party due diligence. As the adage says, "The numbers don't lie."

However, analyzing a vendor's financial statements isn't as simple as looking at a few key ratios and calling it a day. It's part art and part science.  

While audited financial statements follow a common framework (the science), every company has a different financial story, so you must know how to spot the problem areas when reading them (the art).

To help you effectively analyze the financial statements of your third-party vendors, in this blog, I break down the following:

• The three main sections in a set of audited financial statements
• Red flags to look for when reviewing them
• Determining which vendors should be providing you with financial statements
• What to do when your vendor doesn't have an audit

Main Sections in Audited Financial Statements

Audited financial statements are financial reports that an independent auditor has evaluated. They are essential as they provide credibility and assurance to stakeholders, such as customers, investors, lenders, and regulators, regarding the accuracy and reliability of the financial information.  

While financial statement terminology is often different across industries, there are three main sections to every set of audited financial statements.

Auditor's Report – This report is a written statement from the auditor that provides their independent opinion on the completeness, accuracy, and reliability of a company's financial statements.  It is the cornerstone of the audited financial statements, providing a solid foundation for your analysis.

Financial Statements – These statements paint the company's financial performance quantitatively. There are three core financial statements: a balance sheet, an income statement, and a statement of cash flows.

Notes to the Financial Statement – These footnotes to the financial statements provide more of a qualitative picture of the company through supplemental disclosures and details. These can include disclosures related to long-term commitments, pending litigation, risk concentrations, and affiliated entities. There is a lot of information you can glean from the notes section.

Red Flags to Look for When Reviewing Financial Statements of a Third-Party Vendor

Every set of financial statements tells a different story. A 'bad' number on one company's balance sheet may be 'normal' for a different company in a different industry.  However, there are some common red flags I always look for when reviewing financial statements – regardless of the industry.

Red Flag #1: Modifications to the Auditor's Report

I always start with the auditor's report (i.e., the auditor's opinion.). I look for whether the company has a 'clean' audit opinion. A clean opinion means the independent auditor has concluded the company's financial statements are presented fairly in all material respects. 

Sometimes, auditors will 'modify' their opinion. An example might be when the auditor disagrees with management about certain aspects of the financial statements. Another example includes cases where the auditor could not carry out enough work or gather all the evidence they needed to give an opinion on the financial statements.

A modified auditor's opinion is a red flag that you should always investigate further.

Red Flag #2: Problems with Profitability

Profitability is the lifeblood of any business. When analyzing a vendor's profitability, I like to focus on net profit trends. Specifically, profitability trends over the most recent three years. Consistent losses or declining profitability are not just numbers; they are warning signs that demand your attention. 

In addition to analyzing trends in net profit, it's helpful to analyze profitability ratios such as profit margin and return on assets. A declining profitability ratio can be a red flag, signaling that a company's costs are rising faster than their revenues or that a company is losing market share.

Red Flag #4: Over-Reliance on One or Two Key Customers

Lastly, when a company relies on one or two customers for a significant portion of its revenue, it presents a major business continuity risk. I've seen companies close the door within days of losing a key customer, so you should understand whether this is an issue with your key vendors.

You can find information about customer concentration risk in the notes to the audited financial statements. The auditor will disclose when a business has concentration risks, including those associated with overreliance on specific customers. Be sure to read the notes to determine if this is a red flag to investigate further.

Do you need audited financial statements from all of your vendors?

The short answer is NO.

You shouldn't be spending time reviewing financials for most of your vendors. You need to be concerned with the financial health of your critical vendors. Those who provide vital services, infrastructure, and technologies, including outsourced services that you rely on to execute your essential business functions.

Federally funded organizations must also obtain and analyze audit reports for all subrecipients.  This is a requirement under the uniform guidance.

You may, of course, have other high-risk vendors whose financial statements you want to review. That's always ok. However, many organizations don't have the resources or capacity to review financials from every third party, so focus first on those essential relationships that matter, then add others as time permits.

What if your third-party vendor doesn't have an audit?

While audited financial statements are the gold standard, many small, privately held companies don't have audits. So what do you do? 

Ask the vendor to provide unaudited financial statements instead. These can come in one of three formats, listed from least to most preferred.

Internally Prepared Financial Statements – These are financial statements prepared by the vendor, with no involvement by an independent CPA. 

Compiled Financial Statements – These financial statements are prepared in coordination with a CPA; however, the CPA did not analyze any of the numbers or provide any assurance on the accuracy.  It's implied, though, that the CPA assisted in some way with the creation of the financials.

Reviewed Financial Statements – These financial statements are prepared in coordination with a CPA, which provides limited assurance on the statements. Unlike a compilation, the CPA performs limited analysis and testing of the information presented. However, it is significantly less analysis and testing than performed in an audit.

Just know that the further away you get from audited financial statements, the less reliable the numbers become. That's why it's crucial to have a subject matter expert on your team who is responsible for reviewing the information.

My team at Vendor Centric is expert at reviewing financial statements and spotting potential issues with your vendors and subrecipients.  If this is an area you could use some help, contact us to schedule a time to talk.