All Posts by Charles Hall

Follow

About the Author

Charles Hall is a practicing CPA and Certified Fraud Examiner. For the last thirty years, he has primarily audited governments, nonprofits, and small businesses. He is the author of The Little Book of Local Government Fraud Prevention and Preparation of Financial Statements & Compilation Engagements. He frequently speaks at continuing education events. Charles is the quality control partner for McNair, McLemore, Middlebrooks & Co. where he provides daily audit and accounting assistance to over 65 CPAs. In addition, he consults with other CPA firms, assisting them with auditing and accounting issues.

audit and work paper mistakes
Feb 19

Audit and Work Paper Mistakes: A List of 40

By Charles Hall | Auditing

Today, I offer you a list of forty audit and work paper mistakes.

audit and work paper mistakes

The list is based on my observations from over over thirty-five years of audit reviews (and not on any type of formal study).

You will, however, shake your head in agreement as you read these. I know you’ve seen them as well. The list is not comprehensive. So, you can add others in the comments section of this post.

Here’s the list.

  1. No preparer sign-off on a work paper
  2. No evidence of work paper reviews
  3. Placing unnecessary documents in the file (the work paper provides no evidential matter for the audit)
  4. Signing off on unperformed audit program steps
  5. No references to supporting documentation in the audit program
  6. Using canned audit programs that aren’t based on risk assessments for the particular entity
  7. Not documenting expectations for planning analytics
  8. Inadequate explanations for variances in planning analytics (“revenue went up because sales increased”)
  9. Planning analytics with obvious risk of material misstatement indicators, but no change in the audit plan to address the risk (sometimes referred to as linkage)
  10. Not documenting who inquiries were made of
  11. Not documenting when inquiries were made
  12. Significant deficiencies or material weaknesses that are not communicated in written form
  13. Verbally communicating control deficiencies (those not significant deficiencies or material weaknesses) without documenting the conversation
  14. Performing needed substantive tests with no related audit program steps (i.e., the audit program was not amended to include the necessary procedures)
  15. Assessing control risk below high without testing controls
  16. Assessing the risk of material misstatement at low without a basis (reason) for doing so
  17. Documenting significant risks (e.g., allowance for uncollectible receivable estimates in healthcare entities) but no high inherent risks (when inherent risk are separately documented)
  18. Not documenting the predecessor auditor communication in a first-year engagement
  19. Not documenting the qualifications and objectivity of a specialist
  20. Not documenting all nonattest services provided
  21. Not documenting independence
  22. Not documenting the continuance decision before an audit is started
  23. Performing walkthroughs at the end of an engagement rather than the beginning
  24. Not performing walkthroughs or any other risk assessment procedures
  25. Not performing risk assessment procedures for all significant transaction areas (e.g., risk assessment procedures performed for billing and collections but not for payroll which was significant)
  26. Not retaining the support for opinion wording in the file (especially for modifications)
  27. Specific items tested are not identified (e.g., “tested 25 disbursements, comparing amounts in the check register to cleared checks” — we don’t know which particular payments were tested)
  28. Making general statements that can’t be re-performed based on the information provided (e.g., “inquired of three employees about potential fraud” — we don’t know who was interviewed or what was asked or their responses)
  29. Retrospective reviews of estimates are not performed (as a risk assessment procedure)
  30. Going concern indicators are present but no documentation regarding substantial doubt
  31. IT controls are not documented
  32. The representation letter is dated prior to final file reviews by the engagement partner or a quality control partner
  33. Consultations with external or internal experts are not documented
  34. No purpose or conclusion statement on key work papers

35. Tickmarks are not defined (at all)

36. Inadequately defining tickmarks (e.g., ## Tested) — we don’t know what was done

37. No group audit documentation though a subsidiary is included in the consolidated financial statements

38. No elements of unpredictability were performed

39. Not inquiring of those charged with governance about fraud

40. Not locking the file down within 60 days 

That’s my list of audit and workpaper mistakes. What would you add?

Even if you do all of these, have you documented them properly? See my article If It’s Not Documented, It’s Not Done.

Feb 16

AU-C 315 Exposure Draft Issued by AICPA

By Charles Hall | Accounting and Auditing

The AICPA issued its AU-C 315 exposure draft in August 2020. AU-C 315, Understanding the Entity and its Environment and Assessing the Risks of Material Misstatements, has been with us several years. Now the AICPA is updating it. 

Conceptually the exposure draft is not that different from the extant standard, but the details introduce some interesting changes. The proposed standard, if adopted, will have a significant impact on future audits. 

AU-C 315

Risk Assessment: The Early Years

Risk assessment provides the foundation for planning an audit. So it's critical that an auditor understand the entity and its environment, including controls, prior to assessing the risk of material misstatement. 

The Auditing Standards Board (ASB) issued its original risk assessment standards in 2006 with SAS 109 being a part of that suite. Since that time auditors have done a much better job of understanding the entities they audit prior to planning. Even so, auditors continue to struggle with understanding internal controls. Additionally, some find it difficult to use that information in risk assessment and planning. 

Risk Assessment Confusion

Since the issuance of SAS 109, auditors have asked questions such as:

  • Why do I need to understand the system of internal controls if I am using a substantive approach?
  • What risk assessment procedures are required?
  • When are controls relevant to my audit (in other words, what controls should I pay attention to)?
  • How do I assess the risk of material misstatement?
  • Why is risk assessment not more scalable?
  • When is an account balance, transaction cycle, or disclosure significant (in other words, what accounts balances, transaction cycles, and disclosures should I pay attention to)?
  • What makes an assertion inherently risky?
  • What is a significant risk?

These questions (and related misunderstandings) manifested themselves in peer reviews. 

Peer Review Information

Firms are receiving peer review feedback saying there is a lack of documented understandings of the entity and its controls. Moreover, peer reviewers have found that auditors are, in some cases, not using the information--even when control understandings are documented--as a basis for risk assessment or planning. 

So, the AICPA is, in this update, trying to lend a helping hand. 

Exposure Draft Goals

The ASB is addressing the following with this exposure draft:

  1. The auditor's work to understand an entity's system of internal control
  2. Modernize the standard, particularly in regard to IT
  3. Assist the auditor in determining risks of material misstatements, including significant risks

Risk Assessment Upgrade

This ASB has received feedback from practitioners and firms since the exposure draft was issued. 

One of the things I see in the draft proposal is clarification regarding what's important in an audit (and how certain elements are defined), such as:

  • The reporting framework
  • Relevant assertions
  • Significant account balances, transaction cycles, disclosures
  • Significant risks

As I was reading the draft proposal, I kept thinking, this makes sense. I think you will too. 

Effective Date

The effective date, if the standard is issued, is for periods ending on or after December 15, 2023. 

Review Financial Statements
Feb 14

Review Financial Statements on Monitors

By Charles Hall | Accounting and Auditing , Technology

Today I give you seven steps to review financial statements on computer screens. I explain how to review financial statements in Word and in PDFs. 

In another post titled How CPAs Review Financial Statements, I provide information about creating and reviewing financial statements, but it doesn’t provide information about doing so on computer screens. This article does.

Review Financial Statements on Computer Screens

Financial Statement Review in Word

  1. First, open and visually scan the entire financial statement (spend two to three seconds per page) just to get a feel for the whole product. How do the parts fit together? Are the financial statements subject to the Yellow Book? Do they contain supplementary information? Are the statements comparative?
  2. Second, use a large computer screen (22 inches or more) to compare your financial statement pages. If you are reviewing in Word, reduce the financial statement page size by holding the control key down and scrolling back with your mouse. As you do so, you will see multiple statements on the screen, for instance: balance sheet, income statement and cash flow statement.  Now that you can see multiple statements, you can tick and tie your numbers. I use step 2. to compare the financial statement numbers. For example, I compare the net income number on the income statement to the same number on the cash flow statement. Then I use step 3. to compare the financial statements to the notes and the supplementary information.
  3. Next, use two to three computer screens to compare your financial statements with the notes and supplementary information. Open the financial statement on each screen–for instance, the balance sheet on screen 1, the notes on screen 2, and the supplementary information on screen 3. In Word, click View, New Window and another instance of the document will open. Then you can move the new instance to a second screen. Alternatively, you can use the side-by-side feature in Word to place two open documents on one screen. 
  4. After completing your review of the notes, return to and take a second look at the balance sheet to see if the disclosures are complete. (Since you just reviewed the notes, it’s easier to compare them to the balance sheet. If, for example, you look at the balance sheet and see inventory but no disclosure for the same, you’ll more easily see the error.)
  5. Use the find feature (in Word, click the Home tab, click Find, then key in the number–or word–you are looking for) to locate words or numbers. If you want to compare the long-term debt number on the balance sheet to the notes and to supplemental information, type that number into your search dialog box and you’re immediately taken to the same number in the notes. Click next, and you will see the next instance (in the supplementary information). You can do the same with words. (Note: If you embed Excel tables in the Word document, the find feature will not locate numbers in the embedded tables. Consider PDF review option below.)
  6. When needed, take breaks. Never spend more than 1.5 hours reviewing statements without taking a short break. You get more done by relaxing periodically.
  7. Finally, if you are reviewing financial statements in Word, consider turning on Track Changes and key in suggested revisions. Word reflects your modifications in a distinct color. That way, others can see your suggested changes. They can also see who made the suggested corrections. Thereafter, they can accept or reject the proposed changes.

Financial Statement Review with PDF Documents

You may find it easier to review financial statements after converting them to a PDF (rather than in Word). This makes all numbers and words fully searchable (no embedded Excel spreadsheet limitation issue). 

You can use the split screen feature (click Windows, Split in Adobe Acrobat) to see the same financial statements on one screen. I usually do this on my center screen. This allows me to scroll and compare numbers in the financial statements. For instance, I compare total assets with total liabilities and equity. Or I compare equity on the balance sheet with my statement of changes in equity ending balances. 

I also open a second instance of the PDF on my right-hand screen, mainly to compare my notes with the financial statements (on my center screen). Then I use control-f to locate numbers or words. For instance, if I see $456,856 for total plant, property, and equipment (on my center screen), I click on the right-hand screen, then control-f, then key in the number to find it in the notes. 

I make review comments in the PDF using the comments feature in Adobe Acrobat. Then persons can respond with the reply feature in the comments field. That way, they can provide a response, whether they agree or not—and what they did if a correction was made. 

Your Suggestions

Those are my ideas. What are yours?

Review Financial Statements
Feb 10

How CPAs Review Financial Statements

By Charles Hall | Accounting and Auditing

Most CPA firms create financial statements for their clients. This blog post tells you how to create and review financial statements efficiently and effectively.

Review Financial Statements

Picture is courtesy of AdobeStock.com

Create Financial Statements

First, where possible, electronically link the trial balance to the financial statements. (Linking is often done from the trial balance to Excel. Then the Excel document is embedded into a Word document.) Doing so will expedite the financial statement process and enhance the integrity of the numbers.

Do the following:

  • Prepare the initial draft of the statements
  • Create clear disclosures
  • Complete a current financial statement disclosure checklist 
  • Research any nonstandard opinion or report language (place sample reports from PPC or other sources in the file). Later the partner or manager will compare this supporting document to the opinion or report
  • Research any additional reports (e.g., Yellow Book, Single Audit). Place a copy of such reports in the file. Later the partner or manager will compare the supporting document to the opinion or report. 
  • The staff person should review the audit planning document to see if any new standards are to be incorporated into this to year’s financial statements

Next you’ll need to proof the financial statements.

Proof the Financial Statements

Proof your financial statements. The proofer usually does the following before the partner or managers’ review:

  • Add (foot the numbers for) all statements, notes, schedules
  • Tick and tie numbers such as:
    • Total assets equal total liabilities and equity
    • Ending cash on the cash flow statement agrees with the balance sheet
    • Net income on the income statement agrees with the beginning number of an indirect method cash flow statement
    • Numbers in the notes agree with the financial statements
    • Numbers in the supplementary schedules agree with the financial statements
  • Review financial statements for compliance with firm formatting standard 
  • Read financial statements for appropriate grammar and punctuation (consider using Grammarly)
  • Compare the table of contents to all pages in the report
  • Review page numbers

Partner or Manager Review

Finally, the partner or manager reviews the financial statements. Having the proofer do their part will minimize the review time for this final-stage review.

Here are tips for the final review:

  • Scan the complete set of financials to get a general feel for the composition of the report (e.g., Yellow Book report, supplementary information, the industry, etc.). This is a cursory review taking three or four seconds per page.
  • Read the beginning part of the summary of significant accounting policies taking note of the reporting framework (e.g., GAAP), type of entity (e.g., nonprofit), and whether the statements are consolidated or combined. Doing so early provides context for the remaining review of the financials.
  • Read the opinion or report noting any nonstandard language (e.g., going concern paragraph)
    • Agree named financial statement titles in the opinion or report to the financial statements
    • Agree the dates (e.g., year-end) in the opinion or report to the statements
    • Compare supporting sample report (as provided by your staff member and noted above) to the opinion or report
    • Compare representation letter date to the opinion or review report date
  • Review the balance sheet making mental notes of line items that should have related notes (retain those thoughts for review of the notes)
  • Review the income statement
  • Review the statement of changes in equity (if applicable)
  • Review the cash flow statement
  • Review the notes (making mental notes regarding sensitive or important disclosures so you can later see if the communication with those charged with governance appropriately contains references to these notes)
  • Return to the balance sheet to see if there are additional disclosures needed (since you just read the notes, you will be more aware of omissions — e.g., intangibles are not disclosed)
  • Review supplementary information (and related opinion for this information if applicable)
  • Review other reports such as Yellow Book and Single Audit (the staff member preparing the financial statements should have placed supporting examples in the file; refer to the examples as necessary)
  • If the review is performed with a printed copy of the statements, use yellow highlighter to mark reviewed sections and numbers
  • If you review a paper copy, pencil in corrections and provide corrected pages to the staff member for amendments to be made
  • If the review is performed on the computer, take screenshots of pages needing corrections and provide to the staff member
  • Better yet, review electronically. See my related post Review Financial Statements on Computer Screens

Last Step

Destroy all drafts. Or at a minimum, don’t leave them in the file. Once the financial statements are complete, there is no reason to retain drafts.

Your Suggestions

What other review procedures do you use?

Accountant’s ipad
Jan 30

Audit Mistakes: Seven Deadly Sins

By Charles Hall | Auditing

Seven deadly audit sins can destroy you. These audit mistakes kill your profits and effectiveness.

You just completed an audit project, and you have another significant write-down. Last year’s audit hours came in well over budget, and—at the time—you thought, This will not happen again. But here it is, and it’s driving you insane.

Insanity: doing the same thing year after year but expecting different results.

Are you ready for better results?

Audit Mistakes

Here are seven deadly (audit) sins that cause our engagements to fail.

Audit mistakes

1. We don’t plan

Rolling over the prior year file does not qualify as planning. Using canned audit programs is not planning.

What do I mean? We don’t know what has changed. Why? Because we have not performed real risk assessment such as current year walkthroughs. We have not (really) thought about current year risks of material misstatement.

Each year, audits have new wrinkles.

Are there any fraud rumors? Has the CFO left without explanation? Have cash balances decreased while profits increased? Does the client have a new accounting program or new staff? Can you still obtain the reports you need? Are there any new audit or accounting standards?

Anticipate issues and be ready for them with a real audit plan.

2. SALY lives

Elvis may not be in the house, but SALY is.

Performing the same audit steps is wasteful. Just because we needed the procedure ten years ago does not mean we need it today. Kill SALY. (No, I don’t mean your staff member; SALY stands for Same As Last Year).

I find that audit files are like closets. We allow old thoughts (clothes) to accumulate without purging. It’s high time for a Goodwill visit. After all, this audit mistake has been with you too long. So ask yourself Are all of the prior audit procedures relevant to this year’s engagement?

Will better planning require us to think more in the early phases of the engagement? Yes. Is this hard work? Yes. Will it result in less overall effort? Yes.

Sometimes the Saly issue occurs because of weak staff.

3. We use weak staff

Staffing your engagement is the primary key to project success. Excellent staff makes a challenging engagement pan out well. Poor staff causes your engagement time to balloon–lots of motion, but few results. Maybe you have smart people, but they need training. Consider AuditSense.

Another audit mistake is weak partner involvement.

4. We don’t monitor

Partners must keep an eye on the project. And I don’t mean just asking, “How’s it going?” Look in the audit file. See what is going on. In-charges will usually tell you what you want to hear. They hope to save the job on the final play, but a Hail Mary often results in a lost game.

As Ronald Reagan once said: Trust but verify.

Engagement partners need to lead and monitor. They also need to provide the right technology tools.

5. We use outdated technology

Are you paperless? Using portable scanners and monitors? Are your auditors well versed in Adobe Acrobat? Are you electronically linking your trial balances to Excel documents? Do you use project management software (e.g., Basecamp)? How about conferencing software (e.g., Zoom)? Do you have secure remote access to audit files? Do you store files securely in the cloud (e.g., Box)? Are you using data mining software such as Idea? Do you send electronic confirmations

Do your staff members fear you so much that they don’t give you the bad news?

6. Staff (intentionally) hide problems

Remind your staff that bad news communicated early is always welcome.

Early communication of bad news should be encouraged and rewarded (yes, rewarded, assuming the employee did not cause the problem).

Sometimes leaders unwittingly cause their staff to hide problems. In the past, we may have gone ballistic on them–now they fear the same.

And here’s one last audit mistake: no post-engagement review.

7. No post-engagement review

Once our audit is complete, we should honestly assess the project. Then make a list of inefficiencies or failures for future reference.

If you are a partner, consider a fifteen-minute meeting with staff to go over the list.

Your ideas to overcome audit mistakes

What do you do to keep your audits within budget?

>