All Posts by Charles Hall


About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

Center for Plain English Accounting
Nov 19

Center for Plain English Accounting: A Review

By Charles Hall | Accounting and Auditing

Do you ever need a heavy-weight to assist you with a complex accounting issue? Or do you ever wonder how you’ll ever keep up with all the new FASB and AICPA standards? The Center for Plain English Accounting (CPEA) might be your answer. 

Last week I was working with another partner to resolve a nonprofit accounting issue. He had one opinion and I had another. Both were logical. Each appeared to be possible. But we needed a single answer. What did we do? We submitted our question to the CPEA. Within twenty-four hours we had an answer–in writing. (I would say who was right but I might embarrass myself.) And with it, we documented our consultation per our firm’s quality control document. Now, if the issue comes up in peer review, we have a solid answer for our position. 

Below I provide you with a review of the CPEA and whether the annual dues are worthwhile. 

Center for Plain English Accounting

Why Join the Center for Plain English Accounting?

My firm joined the CPEA about four years ago. What led to that decision? We had used the free AICPA Hotline service for years, and the experience was positive. But as you may know, the AICPA Hotline does not offer written responses. I would send the Hotline an email with an inquiry, and the AICPA would call me with an answer, usually within 24 hours. I would document that discussion in my engagement file. But, in the back of my mind, I always longed for a written response. Why? These were usually thorny, high-risk issues. And I wanted black-and-white written answers. Something I could bank on. This is part of what the CPEA does: they provide written answers to technical questions.

Center for Plain English Accounting Mission

The CPEA provides other services as well.

As a member, you receive a monthly report (see example below) covering a variety of accounting and auditing issues. You also receive emails with alerts and special reports about hot-topic issues. The last alert informed members about the delay in the effective date of the lease standard. These technical reports and alerts are accessible online, so you have a library of past articles to assist you. 

Here’s my latest monthly special report email.

center for plain english accounting

Additionally, the CPEA offers CPE at reasonable rates. These are online sessions, though they do offer an in-house option. 

In short, the CPEA provides information about evolving technical issues and answers to specific accounting and auditing questions.

I have found their staff to be accessible and easy to work with. They are some of the best in the business. 

Here’s an excerpt from their website regarding what they do:

The Center for Plain English Accounting (CPEA) is the AICPA’s national A&A resource center, sponsored by the Private Companies Practice Section. The CPEA’s team of experts assist members with accounting, auditing, attest, review, and compilation needs by sharing technical advice and guidance. The CPEA’s straight-forward and clear style of writing and speaking gives practitioners the opportunity to understand the applicability of the professional literature when preparing financial statements and when auditing, reviewing, and compiling those financial statements.

Cost of CPEA Membership

What’s the cost of joining the CPEA? $1,700 per year. So it’s not cheap. But I feel like my company receives its money’s worth. We pose several questions each year, and we receive timely written responses–every time. For firms that don’t have a national office (and most don’t), this is an excellent solution.

There are also smaller firm options. If you have five or fewer professionals, the annual fee is $795. If you are a sole practitioner, it is $450. Additionally, if you are not a member, you can pay a per-inquiry fee of $300. 

Here’s additional information about membership

Submitting Questions to the CPEA

How do you submit your questions to the CPEA? With an online form such as the following:


Worth the Money?

For me, the cost of membership has been worth the money. If your firm desires to keep up with evolving standards and needs written answers to technical questions, the CPEA is an excellent choice. 

debt covenant violations
Nov 17

Debt Covenant Violations: How to Report

By Charles Hall | Accounting

How does a debt covenant violation affect the presentation of debt on a balance sheet? If a waiver from the lender is obtained, should the violation be disclosed? In this article, I will tell you how to report debt covenant violations.

debt covenant violations

Lenders commonly include debt covenants in loan agreements. Those covenants might require certain profitability, liquidity, or cash flow ratios. A violation of such requirements can make long-term debt callable. And, by definition, the debt becomes current since it is now due within one year of the balance sheet date. 

If a debt covenant violation occurs, the debt should be classified as current unless the lender provides a waiver for more than one year from the balance sheet date. (See an exception below when there are subsequent measurement dates within one year of the balance sheet date.)

How should debt be classified if a cure occurs prior to the issuance of the financial statements? Debt is shown as noncurrent if the company is able to cure a violation subsequent to the balance sheet date but before the issuance date (or date available for issuance) of the financial statements.

Additionally, some loans provide for a grace period. If the violation is cured during the grace period, the debt will be reported as long-term. Also if the cure has not already occurred but the company demonstrates it is probable that the cure will occur within the grace period, then the debt will be reported as long-term.

Reporting Debt Covenant Violations

When a violation occurs, the main consideration in classifying long-term debt is whether the amount is due or callable within one year of the balance sheet date. If the loan is due or callable within the year after the period-end, the amount generally should be reported as current. If a debt covenant violation is timely cured within a grace period, then the debt is no longer callable and will, therefore, remain long-term. Noncurrent classification is also appropriate if the creditor provides a waiver that extends more than one year beyond the balance sheet date.

Waivers do not, however, guarantee long-term debt classification, particularly if there are other measurement dates within the year after the period-end. 

Subsequent Measurement Dates

470-10-45 of the FASB Codification provides the following guidance:

Some long-term loans require compliance with quarterly or semiannual covenants that must be met on a quarterly or semiannual basis. If a covenant violation occurs that would otherwise give the lender the right to call the debt, a lender may waive its call right arising from the current violation for a period greater than one year while retaining future covenant requirements. Unless facts and circumstances indicate otherwise, the borrower shall classify the obligation as noncurrent, unless both of the following conditions exist:

a. A covenant violation that gives the lender the right to call the debt has occurred at the balance sheet date or would have occurred absent a loan modification.
b. It is probable that the borrower will not be able to cure the default (comply with the covenant) at measurement dates that are within the next 12 months.

If both of these conditions exist, then the debt is shown as current.

Consider a scenario where a company has a covenant violation on December 31, 2019, and it obtains a waiver from the lender that lasts through January 1, 2021. If a September 30, 2020 measurement date is required by the loan agreement and it is probable that the company will not be in compliance, then the loan is classified as current on December 31, 2019, even though the waiver was obtained. Why? The new violation would make the loan callable within one year of the balance sheet date. (The prior waiver was in relation to the December 31, 2019 violation, not a subsequent violation.)

Is Disclosure Required if a Waiver is Obtained?

If a company obtains a waiver for more than one year from the balance sheet date, must the financials disclose this fact (that a waiver was obtained)?

The AICPA answers this question–in Q&A section 3200 (paragraph 17)–with the following:

The authoritative literature applicable to nonpublic entities does not address disclosure of debt covenant violations existing at the balance-sheet date that have been waived by the creditor for a stated period of time. Nevertheless, disclosure of the existing violation(s) and the waiver period should be considered* for reasons of adequate disclosure. If the covenant violation resulted from nonpayment of principal or interest on the debt, inability to maintain required financial ratios or other such financial covenants, that information may be vital to users of the financial statements even though the debt is not callable.

*Emphasis added by CPAHallTalk

Translation: It is wise to disclose the debt covenant violation and the existence of the waiver.

FASB’s Current Work on a New Debt Standard

The FASB has an ongoing project regarding the classification of debt. The FASB issued a revised Exposure Draft on September 12, 2019, Debt (Topic 470): Simplifying the Classification of Debt in a Classified Balance Sheet (Current versus Noncurrent). Comments were due October 28, 2019. It has taken FASB over two years to deliberate this topic. So you call tell the classification decision is not an easy one.

Additional Information About Auditing Debt

See my post regarding the audit of debt.

financial statement references
Nov 03

Financial Statement References (at the Bottom of the Page)

By Charles Hall | Accounting , Preparation, Compilation & Review

What financial statement references are required at the bottom of financial statement pages? Is there a difference in the references in audited statements and those in compilations or reviews? What wording should be placed at the bottom of supplementary pages? Below I answer these questions.

financial statement references

Audited Financial Statements and Supplementary Information

First, let’s look at financial statement references in audit reports.

While generally accepted accounting principles do not require financial page references to the notes, it is a common practice to do so. Here are examples:

  • See notes to the financial statements.
  • The accompanying notes are an integral part of these financial statements.
  • See accompanying notes.

Accountants can also–though not required–reference specific disclosures on a financial statement page. For example, See Note 6 (next to the Inventory line on a balance sheet). It is my preference to use general references such as See accompanying notes.

Audit standards do not require financial statement page references to the audit opinion.

Supplementary pages should not include a reference to the notes or the opinion.

Preparation, Compilation, and Review Engagements

Now, let’s discuss references in preparation, compilation, and review engagements. 

Compilation and Review Engagements

The Statements on Standards for Accounting and Review Services (SSARS) do not require a reference (on financial statement pages) to the compilation or review report; however, it is permissible to do so. What do I do? I do not refer to the accountant’s report. I include See accompanying notes at the bottom of each financial statement page (when notes are included). This reference to notes, however, is not required, even when notes are included. (Notes can be omitted in compilation engagements.)

You are not required to include a reference to the accountant’s report on the supplementary information pages. Examples include:

  • See Accountant’s Compilation Report.
  • See Independent Accountant’s Review Report.

What do I do? I include a reference to the accountant’s report on each supplementary page. But, again, it’s fine to not include a reference to the report.

Preparation of Financial Statement Engagements

Additionally, SSARS provides a nonattest option called the preparation of financial statements (AR-C 70). This option is used by the CPA to issue financial statements that are not subject to the compilation standards. No compilation report is issued. AR-C 70 requires that the accountant either state on each page that “no assurance is provided” or provide a disclaimer that precedes the financial statements. AR-C 70 does not require that the financial statement pages refer to the disclaimer (if provided), but it is permissible to do so. Such a reference might read See Accountant’s Disclaimer.

If your AR-C 70 work product has supplementary information, consider including this same reference (See Accountant’s Disclaimer) on the supplementary pages.

AICPA Consulting Standards
Oct 31

AICPA Consulting Standards – The Swiss Army Knife

By Charles Hall | Accounting and Auditing

In this post, I tell you how to use the AICPA Consulting Standards (Statement on Standards for Consulting Services). I will also compare AUP engagements with consulting engagement options.

Are you ever asked to perform unusual engagements? Such as a report of a city’s water loss. Or a review of billing and receipts internal controls. Or maybe a test count of widgets in the Macon, Georgia warehouse.

When such requests are made, you might wonder “what professional standards should I follow?” Often the answer is the AICPA Consulting Standards.

AICPA Consulting Standards

AUP or a Consulting Engagement?

Regarding new and unusual engagements, I am sometimes asked, “Should this be an agreed-upon-procedures (AUP) engagement or a consulting engagement?” 

My answer: It depends.

Allow me a moment to compare AUPs with Consulting engagements, and then I’ll explain what the decision hinges upon.

Agreed Upon Procedures Engagement

First, consider the AUP option.

AUPs are mainly composed of the following:

  1. Procedures
  2. Findings

You perform the procedures in relation to assertions made by a responsible party.

An example of a procedure and finding follows:

Procedure – Agreed all January 2020 disbursements greater than $20,000 to checks that cleared the bank statement; compared the payee on each check to the payee per the check register.

Finding – All check payees agreed with the exception of check 2394 for $45,000. The payee for this check was I. Cheatum, and the check register reflected a payment to King’s Supply Company.

Additionally, independence is required.

CPA Consulting Engagement

Second, we’ll consider the consulting engagement option.

A consulting engagement is less precise than an AUP and does not necessarily follow the procedures/findings format. There are no specific reporting standards for a consulting engagement, so a CPA can more easily design the engagement to meet various needs. The consulting standards are more flexible than the attestation standards. And this flexibility enables you to be more creative in designing the engagement.

Assertions by a responsible party are not required under the consulting standards.

Moreover, independence is not required.

A consulting report might address the following:

  1. Reading of minutes
  2. Interviews of individual employees
  3. Flowcharting of internal controls
  4. Summary of production statistics
  5. Narrative of business goals and enterprise risks

As you can tell, there are no procedures and findings (though you are not prohibited from doing so). Most CPAs usually perform AUPs when there are specific procedures.

The Best Option

So which is better? An AUP or a consulting engagement?

I’ll say it again: It depends. On what? Third party reliance.

Consider the following:

  1. Will there be external parties (e.g. creditors) placing reliance on the report?
  2. Is the purpose of the report to add credibility to the information (by having the CPA attest to procedures and findings)?

If the answer to either of these questions is yes, then consider the AUP option. Why? The Attestation Standards–the guidance for AUPs–are more defined and rigorous. And AUP procedures tend to be more specific than those in a consulting engagement.

If no third party reliance, then a consulting engagement may be the better option. Always ask, “Who will receive the report?” You need to know who will read and potentially place reliance upon the report. Then design the work product accordingly. 

Litigation Exposure

Are consulting engagements riskier than AUPs? Generally, yes. At least, in my opinion.

The safer option is to perform an AUP. In such engagements, you are asked by the client to perform particular procedures. This specificity lowers the risk of potential litigation as it relates to your work product. The flexibility of a consulting engagement, while helpful in designing creative deliverables, can be riskier because of the lack of specific client requirements. 

Now, let me provide you with an overview of the Consulting Standards. As you read this primer, consider how flexible the guidance is.

AICPA Consulting Standards Primer

You might call the AICPA Consulting Standards the CPA’s Swiss army knife. Why? Because of the diversity of services you can perform.

What services fall under these standards?

The consulting standards specifically address six areas:

  1. Consultations – e.g., reviewing a business plan
  2. Advisory services – e.g., assistance with strategic planning
  3. Implementation services – e.g., assistance with a merger
  4. Transaction services – e.g., litigation services
  5. Staff and other support services – e.g., controllership services
  6. Product services – e.g., providing packaged training services

CPAs often provide consulting services such as the following:

  • Consultations with regard to complex transactions
  • Fraud investigation services
  • Internal control services
  • Bankruptcy services
  • Divorce settlement services
  • Controllership services
  • Business plan preparation
  • Cash management
  • Software selection
  • Business disposition planning

Now, let’s review the characteristics of consulting engagements.

Characteristics of a Consulting Engagement

The characteristics of a consulting engagement include the following:

  • Generally nonrecurring
  • Requires a CPA with specialized knowledge and skills
  • More interaction with client
  • Generally performed for the client (usually, no third party sees the information)

But, what are the workpaper requirements for a consulting engagement?

Consulting Workpaper Requirements

Consulting workpaper requirements are minimal. Nevertheless, documentation is always wise.

The understanding with the client can be oral or in writing (I recommend the latter).

The consulting standards do not require the CPA to prepare workpapers, but you should do so anyway. The workpapers are the link between your work and your report. Also, the general standards of the profession, contained in the AICPA Code of Professional Conduct, apply to all services performed by members. The general standards state:

Sufficient Relevant Data. Obtain sufficient relevant data to afford a reasonable basis for conclusions or recommendations in relation to any professional services performed.

By now, you’re probably thinking the Consulting Standards sound easy, I’ll bet the reporting requirements are challenging. Not so, my friend.

Consulting Reports

A report is not required, but if one is provided, the client and CPA determine the content and format. How’s that for flexibility? 

No Opinion or Accountant’s Report

For consulting engagements, the CPA does not issue an opinion or any other attestation report.

Subject to Peer Review?

Are deliverables created under the Consulting Standards subject to peer review? No.

Where Can I Find the AICPA Consulting Standards?

Here are the AICPA Consulting Standards. They are only a few pages long. 

AICPA Consulting Standards Summary

The Consulting Standards provide us with a breath of options, enabling you and I to craft services and reports in the manner desired by our clients. This is one Swiss army knife that I will continue to use. 

audit walkthrough
Oct 25

Audit Walkthroughs: The What, Why, How, and When

By Charles Hall | Accounting and Auditing , Risk Assessment

What is the purpose of audit walkthroughs? How do you document walkthroughs? Is it better to use checklists, flowcharts or summarize narratively? How often should walkthroughs be performed? Are they required? Will a walkthrough allow me to assess control risk at less than high?

In this post, I answer these questions about one of the most important risk assessment procedures: walkthroughs. I share techniques I’ve used for over five years. They work for me, and they will work for you.

Let’s dive right in.

audit walkthrough

What are Audit Walkthroughs?

Walkthroughs are cradle-to-grave reviews of transaction cycles. You start at the beginning of a transaction cycle (usually a source document) and walk the transaction to the end (usually posting to the general ledger). The auditor is gaining an understanding of how a transaction makes its way through the accounting system and about related internal controls.

As we perform a walkthrough, we:

  • Make inquiries
  • Inspect documents
  • Make observations

By asking questions, inspecting documents, and making observations, we are evaluating internal controls to see if there are weaknesses that would allow errors or fraud to occur. Audit standards do not permit the use of inquiries alone. Observations and inspections must also occur.

Some auditors believe that audit walkthroughs (or documentation of controls for significant transaction cycles) are not necessary if the auditor is assessing control risk at high. This is not true. While the auditor can assess control risk at high, she must first gain an understanding of the cycle and the related controls. In other words, the auditor can’t default to high. Risk assessment procedures are required.

What is not an Audit Walkthrough?

Following a transaction through the accounting system–without reviewing controls–is not an audit walkthrough. We must examine controls to see if they have been implemented and to see if they are properly designed. 

Placing a copy of the operating and accounting system manual in the audit file is not a walkthrough. While manuals tell you what the client intends to do, they don’t tell you what is occurring. In other words, they don’t answer the implementation question.

Lastly, asking a client, “Is everything the same as last year?” is not a walkthrough. Auditors must do more than inquire. 

Internal Controls Documented in Prior Audits

In some situations, AU-C section 315 allows the auditor to rely on audit evidence obtained in prior periods. In those situations, the auditor is required to perform audit procedures to establish the continued relevance of the audit evidence obtained in prior periods (for example, by performing a walkthrough). 

Here’s what AU-C 315.A20 says about prior year audit information used in the current year:

Paragraph .10 requires the auditor to determine whether information obtained in prior periods remains relevant if the auditor intends to use that information for the purposes of the current audit. For example, changes in the control environment may affect the relevance of information obtained in the prior year. To determine whether changes have occurred that may affect the relevance of such information, the auditor may make inquiries and perform other appropriate audit procedures, such as walk-throughs of relevant systems.

Why Audit Walkthroughs?

Accountants are often more comfortable with numbers than processes. We like things that “tie,” “foot,” or “balance.” We may not enjoy probing accounting systems for risk. It’s too touchy-feely. Even so, passing this responsibility off to lower staff is not a good choice. It’s too complicated–and too important. So there’s no getting around it. The walkthrough—or something like it—must be done. Why? We’re gaining an understanding of risks and responding to them. We’re developing our audit plan. Screw up the plan, and we screw up the audit.

What is the purpose of the walkthrough? Identification of risk—specifically, the risk of material misstatement. Once we know the risks, we know where to audit.

Walkthroughs and Lower Control Risk Assessment

Usually, audit walkthroughs are not sufficient to support lower control risk assessments (those less than high). If the auditor assesses control risk at less than high, she is required to test the effectiveness of the control. Since audit walkthroughs are usually a test of one transaction, they typically don’t prove operating effectiveness.

Regarding computer controls, a walkthrough of one transaction might be sufficient to prove effectiveness if general computer controls are working—namely, change control. Why? Computer controls are usually consistent. 

An auditor can determine whether a control has been implemented with a test of one transaction. Effectiveness, on the other hand, normally requires a test of transactions. For example, a test of 40 transactions for appropriate purchase orders.

audit walkthrough

Audit Walkthrough Documentation

While you can use checklists, flowcharts, narratives, or any other method that enables you to gain your understanding of controls, my favorite is a narrative mixed with screenshots.

So how do I do this?

I interview personnel. Usually, one or two people can explain a particular transaction flow (e.g., disbursement cycle), but some complicated processes may require several interviews. 

Early on, I may not know how each person’s work fits into the whole. It’s like gathering puzzle pieces. The interviews and information may feel random, even confusing. But, later, when you put the parts together, the picture speaks more clearly. Then, you’ll understand the accounting system and control environment.

My Audit Walkthrough Tools

I document the conversations using:

  • A Livescribe pen
  • My iPhone camera

Taking Notes

Using a Livescribe pen, I write notes and record the conversations.

I begin the interview by saying, “Tell me what you do and how you do it. Treat me as if I know nothing. I want to hear all the details.” (For sample transaction-level walkthrough questions, see my audit series titled The Why and How of Auditing.)

As I listen, I write notes. At the same time, my Livescribe pen records the audio. Later the conversation can be played from the pen. (For more information about Livescribe, see my article: Livescribe, Note Taking Magic (for CPAs). )

Click the pen below to see Livescribe on Amazon.

I find that most interviewees talk too fast—at least faster than I can write. As I’m writing about the last thing they’ve said, they are moving to the next, and I fall behind. So I write simple phrases in my Livescribe notebook such as:

  • Add vendor
  • Charlie opens mail
  • P.O. issued by Purchasing
  • Checks signed by the computer

Later, as I’m typing the walkthrough narrative, I touch the letter “A” in “Add vendor” with the tip of my pen (I’m doing so in my Livescribe notes). This action causes the pen to play the audio for that part of the conversation. Likewise, touching “C” with the tip of my pen–in “Checks signed by the computer”–causes the pen to play that part of the discussion. Since the audio syncs with my notes, I can hear any part of the discussion by touching a letter with my pen.  

Taking Pictures

In addition to writing notes in my Livescribe notebook, I take pictures with my iPhone. Of what? Here are examples (from a payables interview):

  • Invoice with approver’s initials  
  • Screenshot of an invoice entry  
  • If several people are processing invoices, I take a group picture of them at their desks
  • A signed check 
  • The bank reconciliation 

So my inputs into the walkthrough document are as follows:

  • Livescribe notes and audio
  • Photos of documents and persons 

 Audit Walkthrough Summary

I write my narratives in Word and embed pictures as needed. The walkthrough documentation takes this shape:

  • Narrative
  • Pictures
  • Control identification
  • Control weakness identification

Why identify control deficiencies in the walkthrough? So I can link them to my risk assessment summary. The system’s weaknesses tell me where risks exist.

Another key feature of the walkthrough documentation is the identification of who I spoke with and when. So, at the top of the transaction cycle description, I name the persons I interviewed and the date of the conversation. For example:

Charles Hall interviewed Johnny Mann, Hector Nunez, and Suzanne Milton on October 25, 2019. 

Look Beyond the Normal Client Procedures

It’s easy for clients to tell you about normal procedures, but they may not think about unusual situations such as the absence of an employee or how errors are corrected.

Always ask who performs control procedures when a key person is out. Why? If someone can—even though they don’t normallyperform key controls, you need to know. Why? Such a situation can lead to fraud. For example, if a person does not normally issue checks but can, and that person also reconciles the bank statement, he might issue fraudulent checks. He knows the theft will not be detected through normal controls–in this case, the bank reconciliation.

Always look beyond accounting policies and routine procedures to see what can happen. I often have clients say to me, “John is the only one who approves the purchase orders,” for example. But I know this is not true because purchases would cease to occur when John is out. So I ask, “Who issues purchase orders when John is on vacation?”

Additionally, ask how errors are corrected. When things go wrong (and they sometimes do), you want to know how they are made right.

Identification of Controls and Control Weaknesses

As you write your narrative of the accounting system and controls, highlight both controls and control weaknesses.

I note appropriate controls as follows: 

Control: Additions of new vendors is limited to three persons in the accounts payable department. Each time a new vendor is added, the computer system automatically sends an email to the CFO notifying her of the addition. Persons adding new vendors cannot process signed checks.

I note control weaknesses as follows:

Control Weakness: Only one signature is required on check disbursements. Johnny Mann signs checks, has possession of check stock, keys invoices into the payables system, and reconciles the related bank account. 

Response to Risk of Material Misstatement

The control weakness created by Johnny Mann’s duties increases the risk of theft. My response? I establish audit procedures in my audit program to address the risk such as:

  • Review one month’s cleared checks for appropriate payees. 

How do you know what audit procedures to perform in response to the risk? Ask, “What can go wrong?” and design a test for that potential. Johnny can write checks to himself. My response? Scan cleared checks to see if the payees are appropriate.

Communication of Internal Control Weaknesses

Though this article focuses on planning and risk assessment, the identification of control weaknesses will impact our end-of-audit communications.

The words Control Weakness (as shown above) makes it easy to locate control weaknesses. Upon completion of the walkthrough, I summarize all control deficiencies so I can track the disposition of each one. Each weakness is a:

  1. Material weakness
  2. Significant deficiency, or
  3. Other weakness 

I report material weaknesses and significant deficiencies in writing to management and those charged with governance. I communicate other deficiencies in a management letter (or verbally and document the discussion in my work papers). 

See my article about classifying control weaknesses.

Audit Walkthrough Frequency

How often are walkthroughs required?

Answer: Once per year, if this is how you corroborate your understanding of the cycle. While walkthroughs are not specifically required in the audit standards, you do need to verify your understanding of the accounting system and related controls. And I know of no better way.

audit walkthrough

AICPA Guidance on Walkthrough Frequency

TIS Section 8200.12, as issued by the AICPA, states the following:

Inquiry—AU section 314 (now AU-C 315) requires the auditor to obtain an understanding of internal control. An auditor might perform walkthroughs to confirm his or her understanding of internal control. If the auditor decides to use walkthroughs to confirm his or her understanding of internal control, how often do walkthroughs need to occur?

Reply—In accordance with AU Section 314 (now AU-C 315), the auditor is required to obtain an understanding of internal control to evaluate the design of controls and to determine whether they have been implemented. To do that, performing a walkthrough would be a good practice. Accordingly, auditors might perform a walkthrough of significant accounting cycles every year [emphasis added].

If we’ve documented walkthroughs in prior years, then we need to do so again in the current year to prove the continuing relevance of the audit documentation. 

The Value of Walkthroughs

Walkthroughs tell us where risks are so we can plan our engagements to detect material misstatements.

Additionally, they allow us to add value to our audits. Clients want more than just an opinion. They desire to keep assets safe and to maintain accurate records. Well written management letters that highlight control weaknesses allow you to do just that. Time to start walking.

For additional information about risk assessment, see my article Audit Risk Assessment: The Why and How.