Audit and Work Paper Mistakes: A List of 40

By Charles Hall | Auditing

Feb 19

Today, I offer you a list of forty audit and work paper mistakes.

audit and work paper mistakes

The list is based on my observations from over over thirty-five years of audit reviews (and not on any type of formal study).

You will, however, shake your head in agreement as you read these. I know you’ve seen them as well. The list is not comprehensive. So, you can add others in the comments section of this post.

Here’s the list.

  1. No preparer sign-off on a work paper
  2. No evidence of work paper reviews
  3. Placing unnecessary documents in the file (the work paper provides no evidential matter for the audit)
  4. Signing off on unperformed audit program steps
  5. No references to supporting documentation in the audit program
  6. Using canned audit programs that aren’t based on risk assessments for the particular entity
  7. Not documenting expectations for planning analytics
  8. Inadequate explanations for variances in planning analytics (“revenue went up because sales increased”)
  9. Planning analytics with obvious risk of material misstatement indicators, but no change in the audit plan to address the risk (sometimes referred to as linkage)
  10. Not documenting who inquiries were made of
  11. Not documenting when inquiries were made
  12. Significant deficiencies or material weaknesses that are not communicated in written form
  13. Verbally communicating control deficiencies (those not significant deficiencies or material weaknesses) without documenting the conversation
  14. Performing needed substantive tests with no related audit program steps (i.e., the audit program was not amended to include the necessary procedures)
  15. Assessing control risk below high without testing controls
  16. Assessing the risk of material misstatement at low without a basis (reason) for doing so
  17. Documenting significant risks (e.g., allowance for uncollectible receivable estimates in healthcare entities) but no high inherent risks (when inherent risk are separately documented)
  18. Not documenting the predecessor auditor communication in a first-year engagement
  19. Not documenting the qualifications and objectivity of a specialist
  20. Not documenting all nonattest services provided
  21. Not documenting independence
  22. Not documenting the continuance decision before an audit is started
  23. Performing walkthroughs at the end of an engagement rather than the beginning
  24. Not performing walkthroughs or any other risk assessment procedures
  25. Not performing risk assessment procedures for all significant transaction areas (e.g., risk assessment procedures performed for billing and collections but not for payroll which was significant)
  26. Not retaining the support for opinion wording in the file (especially for modifications)
  27. Specific items tested are not identified (e.g., “tested 25 disbursements, comparing amounts in the check register to cleared checks” — we don’t know which particular payments were tested)
  28. Making general statements that can’t be re-performed based on the information provided (e.g., “inquired of three employees about potential fraud” — we don’t know who was interviewed or what was asked or their responses)
  29. Retrospective reviews of estimates are not performed (as a risk assessment procedure)
  30. Going concern indicators are present but no documentation regarding substantial doubt
  31. IT controls are not documented
  32. The representation letter is dated prior to final file reviews by the engagement partner or a quality control partner
  33. Consultations with external or internal experts are not documented
  34. No purpose or conclusion statement on key work papers

35. Tickmarks are not defined (at all)

36. Inadequately defining tickmarks (e.g., ## Tested) — we don’t know what was done

37. No group audit documentation though a subsidiary is included in the consolidated financial statements

38. No elements of unpredictability were performed

39. Not inquiring of those charged with governance about fraud

40. Not locking the file down within 60 days 

That’s my list of audit and workpaper mistakes. What would you add?

Even if you do all of these, have you documented them properly? See my article If It’s Not Documented, It’s Not Done.

Tweet5
Share
Share6
Flip
Email
Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

  • Zach says:
    December 26, 2018 at 10:35 pm

    Thank you for sharing your very useful experience with the next generation!

  • armando balbin says:
    February 23, 2021 at 11:52 am

    Charlie, this is not for me as I never, ever made even a small mistake.
    Ha ha ha.
    Thanks for posting

  • Resty says:
    February 25, 2021 at 1:53 am

    Thank you for sharing Charles

  • Charles Hall says:
    February 25, 2021 at 6:33 pm

    Knowing you, Armando, you probably never did. 🙂

  • Charles Hall says:
    February 25, 2021 at 6:33 pm

    You are welcome, Resty.

  • Charles Hall says:
    March 10, 2021 at 8:36 pm

    Thanks, Zach. I enjoy doing so!

  • Gregory Caudill says:
    March 13, 2021 at 7:16 pm

    Very good article!!!!

  • Charles Hall says:
    March 16, 2021 at 8:55 pm

    Thanks, Gregory.

    • Previous Post AU-C 315 Exposure Draft Issued by AICPA Next Post Audit Assertions in Financial Statement Audits
    >
    Tweet5
    Share
    Share6
    Flip
    Email