Fraud prevention
Nov 25

Providing Fraud Prevention Services to Compilation Clients

By Charles Hall | Fraud

This post discusses CPAs providing fraud prevention services to compilation clients. If you haven’t done so in the past, it could be a new revenue stream for your firm. 

Fraud prevention

The Greater Risk for Your Client

How many clients do you provide compilation services to? For most small- to medium-sized CPA firms, the answer is usually many. Now let me ask you another question.

What is the greater risk for your client?

  • Financial statements are misstated or
  • A trusted bookkeeper (or someone else) is stealing substantial sums of money from the business

You say, “But I’m not engaged to look for potential theft or prevent it.” Regarding compilation engagements, you are right. Notice, however, my question is about your client.

I find that most compiled financial statements are basically correct—often because of the CPA’s involvement. The risk of material misstatement is driven down, and obviously, this is a good thing, but what about the potential for theft?

It seems to me that CPAs seldom talk with their compilation clients about the potential of fraud, even though we know, for instance, that the client’s accounting staff consists of one bookkeeper. So, we are aware that the client’s accounting system lacks segregation of duties.

When fraud happens, clients will sometimes say, “my CPA is responsible”—even though compilations are not designed to prevent (or detect) fraud. Therefore, we must clearly define the services we are providing.

Defining Your Compilation Service

Here are two questions to consider in defining your compilation engagements when you are not providing fraud prevention services.

  1. Do you obtain a signed compilation engagement letter?
  2. Do you verbally explain the limits of your engagements (that you are not providing fraud prevention or detection services)?

These two actions lessen your risk.

If, however, you desire to provide fraud prevention services in addition to the compilation, then include appropriate language in your engagement letter to cover the additional service or use a separate engagement letter to address the fraud prevention work. More about this in a moment. 

Fraud Prevention and Compilation Services 

Do you ever suggest to your client that he or she have you (or someone else trained in fraud prevention) review the accounting system and make fraud prevention suggestions? Here is where I believe you can add value to the compilation service. I also believe it is largely an untapped source of revenue for small- to medium-sized CPA firms.

Obviously, you need to understand internal controls and fraud prevention prior to providing fraud prevention services. If you don’t have that knowledge, you can obtain it from organizations such as the Association of Certified Fraud Examiners

If you provide fraud prevention services, you need to create an engagement letter that addresses the boundaries of your work. It is wise to say what you are providing and, more importantly, what you are not providing.

I normally state that I am providing the additional fraud prevention service to mitigate fraud risk and that the additional work does not provide absolute assurance. I go on to say that once the work is complete, “that fraud can still occur.” (Check with your insurance carrier for appropriate language.)

In other words, your engagement is to lessen fraud risk, not to eliminate it, a reasonable proposition. (The risk of fraud can seldom, if ever, be fully eliminated. And I tell my clients this.)

Fraud Prevention Services Create Risk

But doesn’t providing fraud prevention services create additional risks for the CPA?


Providing any additional service creates risk for the CPA. So this is ultimately a business decision for you and your firm. Additionally, contact your insurance company to see what they say. 

If you desire to provide fraud prevention services, consider becoming a Certified Fraud Examiner (CFE) or obtain your Certified in Financial Forensics Credential. I became a CFE in 2004 and found the training eye-opening. Though I had been a CPA since 1987, I gained valuable knowledge about system design and fraud prevention.

CPA Independence

Will providing fraud prevention services impair your independence? Under existing AICPA independence standards, the answer could be yes (because you are assisting with the design of the internal control system). But the independence issue depends on what you do. Making recommendations probably would not impair independence. Fully designing the internal control structure would impair independence.

If your independence is impaired, you need to say so in the compilation report. Independence is not required in compilations. Take a look at Definitive Guide to Compilation Engagements

Agree or Disagree?

What do you think about offering fraud prevention services to compilation clients?

You can learn more about white-collar crime here.

audit risk assessment made easy
Nov 16

Audit Risk Assessment Made Easy

By Charles Hall | Accounting and Auditing

Audit risk assessment can be easy–or least easier–if you understand it. But many auditors continue to struggle with risk assessment. That’s why I’ve written the book Audit Risk Assessment Made Easy

Peer reviews continue to reveal the failure of auditors to:

  • Understand and document internal controls 
  • Identify risks of material misstatement
  • Develop audit steps responsive to risks of material misstatement
  • Document risk assessment at the assertion level
  • Provide support for lower inherent risk assessments
  • Assess control risk at the right level
  • Document linkage between risk assessment and audit procedures
  • Use tests of details, substantive analytics, and test of controls as responses to risks of material misstatement

So, we need to understand risk assessment to avoid peer review problems, but, more importantly, risk assessment allows us to see what others miss. 

My New Book Helps You See What Others Miss

I have written a new book, Audit Risk Assessment Made Easy, to help you to see what others miss. Here’s a video overview. 

Common Risk Assessment Questions

The book addresses common questions regarding risk assessment such as:

  • Why do I need to understand internal controls if I am using a fully substantive approach?
  • What internal controls should I pay attention to?
  • What is a walkthrough and when is it needed?
  • What risk assessment procedures are required?
  • When is an account balance, transaction cycle, or disclosure significant?
  • What makes an assertion inherently risky?
  • Can I assess control risk at high even though controls are appropriate?
  • What is a significant risk?
  • How do I assess the risk of material misstatement, including inherent risk and control risk?
  • What is linkage and why is it important?
  • How do I know what audit procedures to include in my audit programs?

As you read the book, you’ll see the answers to these questions and you’ll gain a greater ability to see what others miss. In other words, you’ll have greater confidence in your ability to understand and use risk assessment. Let me go out on a limb and say you might—by the time you’re done—delight in risk assessment. Is that possible? I’m betting on it.

Here’s what others are saying about Audit Risk Assessment Made Easy

Praise for Audit Risk Assessment Made Easy

Too often auditors perform risk assessment procedures as a check-the-box compliance exercise, perhaps because genuine risk assessments require an intimidating amount of professional judgment. In Audit Risk Assessment Made Easy, Charles walks us gently through the process using helpful examples and anecdotes. In so doing, he makes a persuasive case that risk assessment is the key to performing audits that are both effective and efficient.

Dr. Eddie Thomas
Georgia College & State University
Milledgeville, Georgia

Charles clearly recognizes that the CPA’s world of auditing has its own specific, highly technical language many might call “auditor-ese” that can overcomplicate and confuse. Audit practitioners need to more easily visualize and more fully comprehend the application of risk assessment into professional and effective action steps. Charles’ writing style communicates that even the most complicated task is so much easier to understand and undertake when it is explained and described in simple language with practical examples. 

By taking a page from the Mark Twain method to describe fence painting and Mississippi rafting, Charles breaks risk assessment down into understandable, manageable and effective steps, using uncomplicated declarative sentences, plotting a path to help to make audit risk assessment “easy” and the assurance mission possible. 

James J. Newhard, CPA
Paoli, Pennsylvania

It’s easy to look at risk assessment only in terms of what you need to pass peer review.  That’s a shame because when risk assessment is done well it can laser focus your audits and identify opportunities to help your clients improve their controls. Audit Risk Assessment Made Easy will help you really understand your clients risks and how to respond. 

James H. Bennett, CPA
Managing Member
Bennett & Associates, CPAs, PLLC
Ann Arbor, Michigan

The risk assessment part of the audit can sometimes be a neglected part of the audit as it is often misunderstood. Charles does a fantastic job of explaining the importance of the risk assessment process in present day audits and explains it in a way that can be understood by all levels of auditors.  Thank you Charles.

Mark A. Welp, CPA, CFE
Principal, Audit & Assurance
Holbrook & Manter, CPAs
Columbus, Ohio

Charles takes the time to explain one of the most difficult aspects of auditing in clear and concise language.  His knowledge and wisdom is evident throughout the book with his understanding and enthusiasm providing practical guidance for all levels of auditors.  I highly recommend this book for auditors from staff to partner to augment their skills in the crucial area.

Geoff Fulton, CPA
Audit Partner
Fulton and Kozak
Atlanta, Georgia

Charles dissects one of the most difficult and most misunderstood topics in auditing and renders it easy to understand. He provides a holistic and practical approach to risk assessment. Required reading for all auditors.

Samuel Latimer, CPA, CFE
Rushton and Company, LLC
Gainesville, Georgia

Get Your Copy Now

Get your copy now. Click the book below to see it on Amazon. 

online information for CPAs
Nov 15

Online CPA Resources: A List

By Charles Hall | Accounting and Auditing

Are you looking for online CPA resources? You’ve come to the right place. 

There’s plenty of free online information such as the audit standards, compilation and review standards, illustrative reports, and fraud prevention information. There are also paid resources such as those provided by the AICPA’s audit quality centers.

Below I provide a list of free resources with links.

Then you’ll see information regarding the audit quality centers. 

online CPA resources


Free Online CPA Resources

Here’s a list of online CPA resources that I commonly use:

Paid Online CPA Resources

AICPA Audit Quality Centers

While the following are not free, consider joining audit quality centers if you have a concentration in areas such as governments and benefit plans. I have found our membership in the AICPA Governmental Audit Quality Center (GAQC) particularly helpful. They provide timely information alerts to keep you abreast of evolving changes such as those related to Yellow Book and Single Audits. The Employee Benefit Audit Quality Center is also useful. These audit quality centers provide practice aids and CPE classes relevant to governments and benefit plans. 

Another great resource (though not free) is the Center for Plain English Accounting (CPEA). The CPEA provides written responses to your technical questions; the AICPA Technical Hotline listed above is free but they don’t provide written responses, only verbal. The CPEA also provides timely articles about accounting and auditing changes, some of the best I have seen. Their quarterly accounting and auditing CPE update is also quite useful. 

Your Online Resources

What other online resources do you use as a CPA? Leave a comment.

How to Identify and Manage Audit Stakeholders
Nov 08

How to Identify and Manage Audit Stakeholders

By Harry Hall | Auditing

This is a guest post by Harry Hall. He is a Project Management Professional (PMP) and a Risk Management Professional (PMI-RMP). See his blog at

Some auditors perform the same procedures year after year. These individuals know the drill. Their thought is: been there; done that. But, before we start the engagement, we need to identify the audit stakeholders. 

Imagine a partner or an in-charge (i.e., project manager) with this attitude. He does little analysis and makes some costly stakeholder mistakes. As the audit team starts the audit, they encounter surprises:

  • Changes in the client stakeholders – accounting personnel and management
  • Changes in accounting systems and reporting
  • Changes in business processes
  • Changes in third-party vendors
  • Changes in the client’s external stakeholders

Audit Stakeholders

Furthermore, imagine the team returning to your office after the initial work is done. The team has every intention of continuing the audit; however, some members are being pulled for urgent work on a different audit.

These changes create audit risks–both the risk that the team will issue an unmodified opinion when it’s not merited and the risk that engagement profit will diminish. Given these unanticipated factors, the audit will likely take longer and cost more than planned. And here’s another potential wrinkle: Powerful, influential stakeholders may insist on new deliverables late in the project.

So how can you mitigate these risks early in your audit?

Perform a stakeholder analysis.

“Prior Proper Planning Prevents Poor Performance.” – Brian Tracy

Continue reading

Using Project Management in Audits
Nov 08

Project Management in Audits: Key to Profit

By Charles Hall | Auditing

On the first day of your audit, you’re confident you’ll deliver your report on time. You have visions of a happy client and happy firm partners. But, somewhere along the way, things break down. Your best auditor transfers to another job. You learn–as the audit progresses–that your junior staff member lacks sufficient training. Your client is not providing information as requested. And, additionally, your audit team has unearthed a fraud.

How can you lessen or respond to these problems? Project management. In this post, I’ll tell you what it is and how you can start using project management in audits, including software selection and practical implementation steps.

Project Management in Audits

Using Project Management in Audits

Auditors need to be effective (by complying with professional standards), but we also need to be efficient (if we want to make money). And project management creates efficiency.

Managing resources, identifying impediments to audit processes, responding to scope creep–these are just a few of the issues that we encounter. And these challenges can increase engagement time and decrease profits. Worse yet, that promise regarding timely completion can go unmet. 

Either we will manage our audits, or they will manage us. 

So, what are the keys to using project management in audits?

  • Audit team members
  • Project management software
  • Create a project management plan
  • Be aware
  • Be vigilant

Audit Team Members

The number one ingredient to a successful audit is your team members. Even more important is the person managing the engagement.

Have you noticed that some people–regardless of the obstacles–just get things done? If possible, get and keep people like this on your audit teams. You may be thinking–at this moment–“but our firm has a difficult time hiring and retaining great employees.” Then revisit your hiring and retention practices.

Having great team members is essential, but they need to work together. So, how do we get them to play their roles at the right time? A project management plan defined in project management software.

Project Management Software

There are plenty of useful project management software packages. They include:

Pricing varies. Some are free while others are expensive. So, you’ll need to do your research to determine which solution is best for you. Personally, I use Basecamp. If you want to start with a free application, try Trello or Asana. Another option is Smartsheet (an Excel-spreadsheet-based product). Larger firms may desire to take a look at XCMWorkflow.

I was recently exposed to SuraLink in an engagement where I assisted a city government with its preparation for an audit. The external auditors used SuraLink to request and receive information from the client. I was very impressed with this product. Though I have used Basecamp historically (as you’ll see in a moment), I plan to give SuraLink a hard look. Basecamp is wonderful in terms of use-of-use, but I’m not confident in the security. So I’ve used Basecamp in conjunction with other products such as ShareFile and Box. SuraLink appears to provide you with one product to manage and house documents. 

Regardless of the project management software you use, always think about security since you are uploading and downloading client files. 
Continue reading

1 2 3 38