Work Paper Mistakes: A List of 40 Common Errors

Today, I offer you a list of forty work paper mistakes. If you’re an auditor or you perform review engagements or compilations, you’ve seen these–or if you’re like me, you’ve make some of these errors.

The list is based on work paper reviews I’ve done over the last thirty-seven years (and not on any type of formal study).

You will, I think, shake your head in agreement as you read them. Why? Because you’ve seen these too.

Forty Work Paper Mistakes

Here’s the list of forty work paper mistakes:

No preparer sign-off on a work paper
No evidence of work paper reviews
Placing unnecessary documents in the file (the work paper provides no evidential matter for the audit)
Signing off on unperformed audit program steps
No references to supporting documentation in the audit program
Using canned audit programs that aren’t based on risk assessments for the particular entity
Not documenting expectations for planning analytics
Inadequate explanations for variances in planning analytics (“revenue went up because sales increased”)
Planning analytics with obvious risk of material misstatement indicators, but no change in the audit plan to address the risk (sometimes referred to as linkage)
Not documenting who inquiries were made of
Not documenting when inquiries were made
Significant deficiencies or material weaknesses that are not communicated in written form
Verbally communicating control deficiencies (those not significant deficiencies or material weaknesses) without documenting the conversation
Performing needed substantive tests with no related audit program steps (i.e., the audit program was not amended to include the necessary procedures)
Assessing control risk below high without testing controls
Assessing the risk of material misstatement at low without a basis (reason) for doing so
Documenting significant risks (e.g., allowance for uncollectible receivable estimates in healthcare entities) but no high inherent risks (when inherent risk are separately documented)
Not documenting the predecessor auditor communication in a first-year engagement
Not documenting the qualifications and objectivity of a specialist
Not documenting all nonattest services provided
Not documenting independence
Not documenting the continuance decision before an audit is started
Performing walkthroughs at the end of an engagement rather than the beginning
Not performing walkthroughs or any other risk assessment procedures
Not performing risk assessment procedures for all significant transaction areas (e.g., risk assessment procedures performed for billing and collections but not for payroll which was significant)
Not retaining the support for opinion wording in the file (especially for modifications)
Specific items tested are not identified (e.g., “tested 25 disbursements, comparing amounts in the check register to cleared checks” — we don’t know which particular payments were tested)
Making general statements that can’t be re-performed based on the information provided (e.g., “inquired of three employees about potential fraud” — we don’t know who was interviewed or what was asked or their responses)
Retrospective reviews of estimates are not performed (as a risk assessment procedure)
Going concern indicators are present but no documentation regarding substantial doubt
IT controls are not documented
The representation letter is dated prior to final file reviews by the engagement partner or a quality control partner
Consultations with external or internal experts are not documented
No purpose or conclusion statement on key work papers