Category Archives for "Auditing"

Audit mistakes
Feb 09

Audit Mistakes: Seven Deadly Sins

By Charles Hall | Auditing

Seven deadly audit sins can destroy you. These audit mistakes kill your profits and effectiveness.

You just completed an audit project, and you have another significant write-down. Last year’s audit hours came in well over budget, and—at the time—you thought, This will not happen again. But here it is, and it’s driving you insane.

Insanity: doing the same thing year after year but expecting different results.

Are you ready for better results?

Audit Mistakes

Here are seven deadly (audit) sins that cause our engagements to fail.

Audit mistakes

1. We don’t plan

Rolling over the prior year file does not qualify as planning. Using canned audit programs is not planning.

What do I mean? We don’t know what has changed. Why? Because we have not performed real risk assessment such as current year walkthroughs. We have not (really) thought about current year risks of material misstatement.

Each year, audits have new wrinkles.

Are there any fraud rumors? Has the CFO left without explanation? Have cash balances decreased while profits increased? Does the client have a new accounting program or new staff? Can you still obtain the reports you need? Are there any new audit or accounting standards?

Anticipate issues and be ready for them with a real audit plan.

2. SALY lives

Elvis may not be in the house, but SALY is.

Performing the same audit steps is wasteful. Just because we needed the procedure ten years ago does not mean we need it today. Kill SALY. (No, I don’t mean your staff member; SALY stands for Same As Last Year).

I find that audit files are like closets. We allow old thoughts (clothes) to accumulate without purging. It’s high time for a Goodwill visit. After all, this audit mistake has been with you too long. So ask yourself Are all of the prior audit procedures relevant to this year’s engagement?

Will better planning require us to think more in the early phases of the engagement? Yes. Is this hard work? Yes. Will it result in less overall effort? Yes.

Sometimes the Saly issue occurs because of weak staff.

3. We use weak staff

Staffing your engagement is the primary key to project success. Excellent staff makes a challenging engagement pan out well. Poor staff causes your engagement time to balloon–lots of motion, but few results. Maybe you have smart people, but they need training. Consider AuditSense.

Another audit mistake is weak partner involvement.

4. We don’t monitor

Partners must keep an eye on the project. And I don’t mean just asking, “How’s it going?” Look in the audit file. See what is going on. In-charges will usually tell you what you want to hear. They hope to save the job on the final play, but a Hail Mary often results in a lost game.

As Ronald Reagan once said: Trust but verify.

Engagement partners need to lead and monitor. They also need to provide the right technology tools.

5. We use outdated technology

Are you paperless? Using portable scanners and monitors? Are your auditors well versed in Adobe Acrobat? Are you electronically linking your trial balances to Excel documents? Do you use project management software (e.g., Basecamp)? How about conferencing software (e.g., Zoom)? Do you have secure remote access to audit files? Do you store files securely in the cloud (e.g., Box)? Are you using data mining software such as Idea? Do you send electronic confirmations

Do your staff members fear you so much that they don’t give you the bad news?

6. Staff (intentionally) hide problems

Remind your staff that bad news communicated early is always welcome.

Early communication of bad news should be encouraged and rewarded (yes, rewarded, assuming the employee did not cause the problem).

Sometimes leaders unwittingly cause their staff to hide problems. In the past, we may have gone ballistic on them–now they fear the same.

And here’s one last audit mistake: no post-engagement review.

7. No post-engagement review

Once our audit is complete, we should honestly assess the project. Then make a list of inefficiencies or failures for future reference.

If you are a partner, consider a fifteen-minute meeting with staff to go over the list.

Your ideas to overcome audit mistakes

What do you do to keep your audits within budget?

internal control reporting
Feb 05

Internal Control Reporting When There are No Issues

By Charles Hall | Auditing

In this post, I provide an overview of the internal control reporting requirements when no significant deficiencies or material weaknesses are noted in an audit of the financial statements. I also provide guidance for when such an engagement is subject to the Government Auditing Standards (i.e., Yellow Book). You’ll see a video that shows you what the audit opinion and Yellow Book reports look like when both are in play, and there are no issues. 

internal control reporting

Internal Control Reporting Standards

There are two sets of rules when you perform an audit that is subject to the Yellow Book requirements:

  1. Generally accepted auditing standards from AICPA
  2. Government Auditing Standards (i.e., Yellow Book) from GAO

And only one set of rules if the audit is not subject to the Yellow Book requirements:

  1. Generally accepted auditing standards from AICPA

Consider two scenarios.

1. Perform an audit not subject to Yellow Book 

If you perform an audit (not subject to Yellow Book) and have no significant deficiencies or material weaknesses, then no internal control letter is required (for anyone). I refer to this letter as the “SAS 115 letter” since that’s where the original generally accepted auditing rule came from. Some people opt to issue one anyway. But again, this is not required.

In this scenario, you issue one report:

Audit opinion (and no internal control letter is issued)

2. Perform an audit subject to Yellow Book 

If you perform an audit that is subject to Yellow Book and have no significant deficiencies or material weaknesses, then no SAS 115 internal control letter is requiredSome people opt to issue one anyway.

A Yellow Book report is required (even though there are no significant deficiencies or material weaknesses) and is included in the audited financial statements, usually after the notes to the financial statement. 

You do not need to send this report to anyone separately (i.e., the government) since it’s included in the bound audit report.

So, in this scenario, you issue two reports:

  1. Audit opinion, and
  2. Yellow Book report

But what do these reports look like? 

Yellow Book Report and Amendments to Audit Opinion

Here is a video that shows you what a Yellow Book reports looks like when there are no significant deficiencies or material weaknesses. 

I also show you how to amend your standard audit opinion (governmental example) when the Yellow Book report is provided. 

See my related article about capturing and reporting control deficiencies. I define significant deficiencies and material weaknesses in another post.

YouTube player
predecessor auditor
Feb 03

Tips for Communicating with a Predecessor Auditor

By Charles Hall | Auditing

Communicating with a predecessor auditor can be trying. Even so, audit standards require that you (at least try to) contact them. 

After not sufficiently vetting a potential new client and paying the price for it, I can tell you, “This part of client acceptance is crucial.” You can avoid many headaches. 

In this article, I tell you when to make contact, what inquiries to make, what responses you might receive, how to document the conversations, and how reviewing predecessor work papers will help you audit opening balances. 

Let’s start with an example conversation between the prospective and predecessor auditors.

predecessor auditor

Example Conversation with Predecessor Auditor

“Hi Bill, I am Charles Hall of Johnson & Hitchcock CPAs. I am calling about the 2024 audit of Bird Lighting. They said they would contact you and authorize this conversation. Have they done that?”

“Yes, we heard from them last week. I can respond to your questions.”

So, I ask, “Have there been any illegalities or noncompliance issues you’ve encountered previously?” His response is a hesitant no. I sense Bill is not happy to talk with me (which I understand–we’ve been cross-town competitors for over a decade). He’s responding but is not volunteering any additional information. Probing further, I question the company’s financial condition. Bill admits to cash flow troubles, causing difficulties in compensating accounting staff. 

Now, I’m wondering if they have competent accountants. 

I ask, “How many journal entries did you propose last year, and were there any disagreements about those?” And he responds, “about 35.” He hesitates before disclosing that a heated debate preceded the posting of two material entries

We discuss other matters before arranging a meeting to examine their work papers. Bill says, “We’ll make the prior year’s work papers available for viewing in our office on May 4 at 10:00 a.m. You can request copies of work papers, but we reserve the right to refuse. For example, we don’t give copies of our walkthroughs or risk assessments. We’ll also ask that you sign a letter stating that you will not use this information in any way that might harm our firm.”

Now that we’ve visited a typical predecessor auditor conversation let’s see what the audit standards say about this. 

When to Initiate the Conversation

The auditor should initiate this communication before being engaged to perform the engagement.

Why? Because you want to be aware of any potential problem areas before you accept the engagement. For instance, if management is unethical, you want to know that. If management has used fraudulent accounting, being aware of such practices is to your advantage. Consequently, audit standards necessitate communication before the auditor is engaged.

Contacting the Predecessor Auditor

You should initiate communication with the predecessor auditor and make inquiries according to AU-C 210, Terms of Engagement. Such inquiries should include potential fraudulent activities involving management or employees and noncompliance or suspected noncompliance with applicable laws and regulations. Those inquiries might also include asking if the predecessor knows why the auditee is making the change in auditors. 

Additional potential problem areas include:

–leadership integrity issues

–combative attitudes

–financial problems

–lack of client responsiveness to requests for information

–excessive number of audit adjustments

–client expectations that you do additional work without compensation

–management override of controls

–disagreements over audit fees

Before establishing contact, the company’s management must authorize the predecessor auditor to respond to the successor auditor’s inquiries. If the potential client does not permit this communication, think twice about doing this audit. 

A prospective auditor can make a proposal to do the audit before contacting the predecessor auditor, but can’t accept the engagement (it’s not final) until they have communicated with the predecessor auditor. 

Not communicating with the predecessor auditor can be equivalent to walking into a minefield when anticipating a leisurely hike. The more you know as you accept a new client, the better. 

The Predecessor Auditor’s Response

Sometimes, the predecessor will not respond, as though you don’t exist. (Makes me think, “E.T., phone home.”) Why? They are probably unhappy that you’ve just taken a client from them. That’s understandable. It may not be professional, but again, it’s understandable. (This is what makes these conversations so difficult.)

The predecessor auditor is to be timely in their responses. 

Predecessor auditor

Limited Responses

Other times, the predecessor might give you a limited response. You might think this when there are conversational pauses or stammerings. Such hesitations might indicate that you need to tread carefully and consider whether you should accept the client. For example, is the predecessor privy to information that would be useful to you but potentially damaging to them (i.e., the company sues them for slander)? Sometimes, you don’t know. 

Additionally, the predecessor auditor sometimes provides a limited response due to extenuating circumstances, such as pending litigation. In that case, they should say their response is limited per AU-C 210, Terms of Engagement

Now, let’s think about evaluating the responses. 

Evaluate the Responses

The successor auditor should evaluate the implications of the responses received (or not received) and document that information in the audit file. Why? One reason is peer reviewers look for predecessor auditor communication in an initial audit file. You need to prove you at least tried to initiate a conversation.

There’s little you can do when a predecessor auditor is nonresponsive. Even so, document your attempts to communicate. For example, include copies of letters and emails in your audit file. 

If the predecessor does respond, consider asking to see their prior year’s audit work papers. 

Reviewing Predecessor Audit Work Papers

A customary request by a potential successor auditor pertains to accessing predecessor auditor work papers. Viewing those work papers facilitates verification of opening balances for your new audit if you accept the engagement.

By the way, it is usual for the predecessor to ask you to sign a letter saying that you’ll not use the prior year’s work papers in any manner that might harm them, which is a reasonable request. 

The predecessor decides whether you can see any work papers and what they will allow you to review. They might not provide, for example, their walkthroughs. Why? Because it takes a great deal of time to create these, and they may not want to give their competitor free work.  


Not only do professional standards require you to contact the predecessor auditor, but it’s the better part of wisdom for you to do so. No, it’s not a fun process, but you’ll be glad you did. Your peer reviewer will also be happy you followed the audit standards. 

In June 2022, the AICPA Auditing Standards Board (ASB) issued Statement on Auditing Standards (SAS) No. 147, Inquiries of the Predecessor Auditor Regarding Fraud and Noncompliance With Laws and Regulations. It is effective for periods beginning on or after June 30, 2023.

Client Acceptance and Continuance
Feb 01

Client Acceptance: How to Do It Right

By Charles Hall | Auditing

Client acceptance and continuance may be the most critical step in an audit, but it’s one that gets little attention. A prospective client calls saying, “Can you audit my company?” and we respond, “sure.” While new business can be a good thing, relationships need appropriate vetting. Not doing so can lead to significant (and sometimes disastrous) consequences.

New Relationships

My daughter recently met a young man on Instagram. Not unusual these days. But now the relationship is entering into its third month. They talk every day for two or three hours. So far, they have not been in the same room—and not even in the same city. Skype, yes. Physical presence, no. That’s happening at the end of this month. (He lives eight hours away.)

So what do Mom and Dad think about all of this? Well, it’s fine. My wife checked him out on Facebook (I know you’ve never done this). And my daughter has told us all about the “fella” and his family. We like what we’re hearing. He has similar beliefs. He has a job (Yay!), and he has graduated from college. His family background is like ours.

Why do we want to know all the details about the young man? Because relationships impact people—my daughter, the young man, his family members, and yes, my wife and I. We want everyone to be happy.

Client Acceptance 

And that’s what good relationships create. Happiness. The same is true with clients. As Steven Covey said, “think win, win.” When the customer wins, and your CPA firm wins, everyone is happy. Mutual needs are met.

Careless CPAs accept business with only one consideration: Can I get paid? 

While getting paid is important, other factors are also critical.

Before accepting an audit engagement consider:

  1. Are they ethical?
  2. Are you independent?
  3. Do you have the technical ability to serve them?
  4. Do you the capacity to serve them?

Are They Ethical?

I want my daughter to marry a guy with beliefs that correspond with who she is. Is he honest? Would he steal? Is he transparent? Who are his associates? What do others think of him? 

We ask similar questions about accepting a new client. Audit standards require us to consider whether the prospective client has integrity. If the company is not morally straight, then there’s no need to move forward. Ethics is a key to client acceptance.

(The predecessor auditor can provide information about their interactions with the company. Audit standards require contact with the predecessor auditor prior to acceptance. This is an initial year consideration.)

Are You Independent?

Independence is another key to client acceptance. And the time to determine your firm’s independence is the beginning—not at the conclusion of the audit.

Consider what happens—during a peer review—when a firm is not independent, and it has issued an audit opinion. The original audit report will be recalled, and I’ll bet the company asks for and receives a full refund of your audit fee. Now, the company needs to be re-audited.  (Oh, and there’s that impact on the peer review report.)

Pay attention to requested nonattest services—such as preparation of financial statements. If the client has no one with sufficient skill, knowledge, and experience to accept responsibility for such services, you may not be independent. See the AICPA’s Plain English Guide to Independence for more information. (You can see additional help-aids in my list of online resources for CPAs. )

Do You Have the Technical Ability to Serve Them?

If you can pick up a client in an industry in which you have no experience, should you? Possibly, but it depends on whether you can appropriately understand the client and their industry before you conduct the engagement. Some new customers may not be complicated. In those cases, CPE may get you into position to provide the audit. 

But what if the potential engagement involves a highly sophisticated industry and related accounting standards for which you are ill-equipped? It may be better to let the engagement go and refer it to an audit firm that has the requisite knowledge. Or maybe you can partner with the other firm. 

Do You Have the Capacity to Serve Them?

A prospective client calls saying, “Can you audit my company? We have a December 31 year-end, and we need the audit report by March 31.” After some discussion, I think the fee will be around $75,000. But my staff is already working sixty hours a week during this time of the year. Should I take the engagement? 

My answer would be no unless I can create the capacity. How? I can hire additional personnel or maybe I can contract with another firm to assist. If I can’t build additional capacity, then I may let the opportunity pass. 

Far too many firms accept work without sufficient capacity. When this happens, corners are cut, and staff members and partners suffer. Stuffingeven morework into a stressful time of the year is not (always) a wise thing. We lose staff. And if the engagement is deficient, peer review results may take a hit.

When you don’t have the capacity to accept new good clients, consider whether you should discontinue service to existing bad customers.

The Continuance Decision

Quality controls standards call for CPAs to not only develop acceptance procedures, but we are to create continuance protocols as well.

I previously said CPAs often don’t give proper attention to acceptance procedures. So, how about continuance decisions? Even worse. 

Each year, we should ask, “If this was a new client opportunity, would I accept them?” If the answer is no, then why do we continue serving them? 

Here are a few questions to ponder:

  • Has the client paid their prior year fees? 
  • Am I still independent (consider the new Hosting Services interpretation)?
  • Does the client demand more from me than the fee merits?
  • Do I enjoy working with this client?
  • Is the client’s financial condition creating additional risks for my firm?
  • Is the client acting ethically?

Each year, well before the audit starts, ask these questions.

And then consider, is the bottom 10% of my book of business keeping me from accepting better clients? My experience has been that when I have the capacity, new business appears. When capacity is lacking, I don’t. The decision to hold on to bad clients is a decision to close the door to better clients. Don’t be afraid to let go.

Risk Assessment Starts Now

When should we start thinking about risk assessment? Now.

Whether you are going through the initial acceptance procedures or you are making your continuance decision, start thinking about risk assessment now. Assuming you accept the client, you’ll be a step ahead as you begin to develop your audit plan. Ask questions such as:

  • How is your cash flow?
  • Do you have any debt with covenants?
  • Who receives the financial statements?
  • Has the company experienced any fraud losses?
  • How experienced is management?
  • Why are you changing auditors?

Keep these notes for future reference and audit planning. 

The Strangest Audit Ever

As I close this post, I thought I’d share an old war story. One where I did not perform client acceptance correctly. You’ll find this story hard to believe. But it’s true.

YouTube player
Single Audit overview
Dec 24

Single Audit Overview: In Five Minutes

By Charles Hall | Accounting and Auditing , Single Audit

Here’s a Single Audit overview in five minutes. This video provides an overview of what a Single Audit is and what an auditor does in performing such an engagement.

YouTube player

Single Audit Overview

First, understand that some entities receive multiple federal grants. Rather than performing an audit of each individual, the Uniform Guidance allows one audit (a Single Audit) based on risk. So, if a city receives seven federal grants in one year, an auditor can perform a single audit that addresses the riskier programs. The video explains how the auditor determines major programs, the riskier grants of the seven received. Those are the ones that will be audited. 

The applicability of the Single Audit to a grantee is based on the entity’s federal expenditures. Audit the entity using the Uniform Guidance when more than $750,000 in federal funds are expended. 

Compliance Supplement

In the video, I also explain how auditors use the Compliance Supplement to audit federal programs. The Compliance Supplement provides a summary of the applicable compliance provisions for federal grants. You can locate a particular grant by searching the Compliance Supplement by its federal assistance listing number. For example, 14.321 is HUD’s Emergency Systems Grant Program.

Single Audit Compliance Areas

Potential compliance areas for federal programs include:

  • Allowability
  • Eligibility
  • Procurement
  • Special Reporting
  • Sub-recipient monitoring
  • And more

Auditors choose the compliance areas that are direct and material, those that are most important. These areas are audited for each major program.

Single Audit Reports

Additionally, Single Audit reports are created by the auditor to communicate the results of the audit. That way, financial statement readers can see if the grantee (e.g., city) used the grant funds appropriately and whether the entity had proper internal controls. The auditor opines upon the major program grant compliance. If noncompliance is present or if related internal controls were not in use, the auditor reports the noncompliance or deficiencies in the Single Audit report. 

Moreover, Single Audit reports include a schedule of expenditures of federal awards (SEFA). The SEFA includes a listing of expended federal awards. 

Federal Audit Clearinghouse

Finally, the Single Audit report is filed with the federal audit clearinghouse once completed. The report is publicly available, so anyone can see the results of the audit. 

Watch the video for the Single Audit overview in five minutes. 

1 2 3 15