CPA Practice Aids, LLC
Small Audits Made Easy & Profitable
Learning Objectives
After completing this section of the course, you will be able to:
1. Describe the philosophies underlying cost-beneficial audit approaches
2. Discuss the framework for approaching small audits to achieve high-quality, efficiently
3. Understand the relationship of risk assessment, audit strategies and audit responses on
smaller audits
Definitions of a Small Business
Quality definitions of a small business will focus on the characteristics of an entity, rather than
on the volume of its sales or assets. From an auditing perspective, the same is true. The amount
of audit hours invested in a small business entity will vary from a small amount to several
hundred.
For application of the concepts and practice aids in this course, a small business will include the
following characteristics:








One or a few individuals perform entity level controls or key operational controls.
Limited segregation of accounting duties due to a small number of employees.
Informal or not formally documented policies and procedures.
Basic and/or out-of-the-box accounting software.
Limited accounting knowledge by management personnel.
Higher risk of management overriding internals controls.
Limited accounting training and/or business experience of accounting personnel and
governing persons.
Assets are easily accessible to employees.
Overview of a Simplified Small Audit Approach
Operating Philosophies
Underpinning the audit strategies for small business engagements, Statement on Quality Control
Standards No. 8, A Firm’s System of Quality Control (Redrafted), ensures that an audit
engagement is conducted in accordance with existing professional standards. While compliance
with quality control standards doesn’t provide direct evidence to support audit conclusions, it
does enhance the quality of the evidence gathered by auditors. The quality control standards
included in SQCS No. 8 should become a CPA firm’s operating philosophies. Common
operating philosophies for small audits are:







Involving leadership throughout engagements to establish communication from the top.
Meeting personal and firm ethical requirements.
Accepting and serving high-quality clients.
Hiring outstanding staff persons.
Maximizing the benefits of CPE and on-the-job training for staff personnel.
Assigning the appropriate staff personnel to engagements.
Providing the appropriate level of supervision for engagement personnel.
1
CPA Practice Aids, LLC


Planning, assessing risk, and performing engagement procedures to produce the optimum
mix of quality and profitability.
Monitoring quality control policies and procedures for engagements and for firm
administration.
Audit Strategies
An audit strategy for small audits that includes compliance with applicable generally accepted
auditing standards and, at the same time, maximizes engagement profitability will include the
following components:










Creating and responding to client acceptance and retention evaluations.
Completing only core planning practice aids.
Examining the general ledger account activity to provide low-cost substantive evidence
and risk-assessment procedures.
Preparing internal control flowcharts and memos that can be carried forward.
Performing systems walk-procedures to reduce the assessed level of risk of material
misstatement.
Performing maximum analytical procedures during planning, engagement performance
and engagement review to reduce detailed tests of balances.
Performing only necessary tests of controls and tests of balances procedures.
Determining tolerable misstatement by financial statement classification to minimize
auditing procedures.
Making decisions to not sample to save time.
Completing a planning document to facilitate planning meetings and the engagement
leader’s involvement.
This audit strategy, and other engagement performance and documentation procedures, will be
discussed throughout the remainder of these text materials.
Some Specific Topics
Achieving Small Audit Efficiency
Using the word “efficiency” in the same sentence as the word “audit” may seem like an
oxymoron, particularly for small audits. Given the explosion of new professional standards in
recent years, it’s not surprising that many smaller CPA firms have given up their audit practices.
However, small audits can still be profitable. The key is to maximize efficiency. Every planning
and performance decision must emphasize both quality and efficiency. I call this the “TenMinute Rule.” By taking advantage of every opportunity to save 5 or 10 minutes, huge overall
engagement time savings can be achieved.
The Root of Audit Requirements and Documentation
For over two decades, publishers of auditing practice aids have supplied forms, checklists and
programs to comply with existing professional standards. These practice aids have provided
good engagement performance quality control systems, particularly for smaller CPA firms. On
the downside however, the volumes of accounting and auditing pronouncements have increased
2
CPA Practice Aids, LLC
exponentially causing huge stacks of paper or long lists of electronic forms for even the smallest
audits.
The length and number of audit practice aids from publishers increased substantially when the
audit risk assessment standards were revised in 2006. The Auditing Standards Board
subsequently released the Clarified Audit Standards that became effective for periods ending
after December 15, 2012. Because it is often very difficult to determine which documentation is
required to comply with the currently effective standards, auditors tend to error on the side of
conservatism, using and completing all the practice aids purchased from a publisher. While this
approach may result in a high-quality audit, it is likely to generate large budget overruns.
A foundational principle of audit efficiency is to remember that the root of audit requirements is
not the practice aids purchased from a provider. Audit requirements for non-public and nonprofit entities are rooted in the Statements on Auditing Standards (SASs) published by the
Auditing Standards Board of the AICPA. Audit efficiency begins with choosing procedures and
documentation that, first, satisfies the applicable requirements in SASs and, second, are the most
efficient considering engagement risk circumstances.
Small Audit Documentation that Supports SAS Compliance
Documentation must evidence compliance with the requirements of applicable SASs. Because
SASs are written to be applicable to audit engagements of all sizes, compliance for a small audit
will differ from a large audit and thus audit documentation of compliance will also differ.
Below is a list of annual “key” documentation that will support small audit strategies.













Engagement letter.
Client acceptance and retention evaluations.
General ledger analysis worksheet.
Small audit internal control questionnaire, flowcharts and/or memos by financial
statement classification.
Systems walk-through memo or other documentation.
Analytical procedures worksheets for engagement planning and review.
Risk of material misstatements evaluation by financial statements classifications.
Linking working paper to guide the selection of tests of controls and tests of balances
procedures based on risk.
Tolerable misstatements calculation by financial statements classifications.
Sampling and non-sampling decisions worksheet.
Audit planning document summarizing audit strategies and other planning information.
Small audit program tailored for audit responses to assessed risks.
Representation letter.
The Foundation for Audit Documentation
Underpinning small audit documentation, a CPA firm’s operating philosophies contribute
significantly to engagement efficiency. Involvement of leadership on audit engagements for
some CPA firm partners or sole proprietors is often limited to a brief meeting with staff
personnel before the engagement begins and a review of the working papers and report after the
3
CPA Practice Aids, LLC
engagement is finished. While this may limit the executive’s time charges on an audit, it also
limits the opportunities to train personnel, to set the tone at the top, to ensure audit quality and to
deal with engagement problems throughout the job. Limited executive participation results in
increased time charges during the wrap-up phase to clean up review points and resolve problems
after the fieldwork is finished.
Auditing standards now require participation of CPA firm leadership in planning meetings on all
audit engagements. Many leaders also require in-charge accountants to communicate the status
and problems of engagements throughout the performance phase. Some leaders perform their
engagement reviews in stages to avoid last minute problems. The result of all these practices is
that engagement problems are dealt with early and engagement procedures are done correctly the
first time. Wasted time is eliminated and higher profitability is achieved when engagement
leaders are involved in all phases of engagements.
Developing Cost-Beneficial Audit Strategies on Small Audits
Increasing Profits by Evaluating Risk at the Financial Statement Level
SQCS No. 8, effective January 1, 2012, requires that a firm establish and document policies and
procedures for the acceptance and continuance of clients and engagements. QC Section 10:27-30
reads:
.27 The firm should establish policies and procedures for the acceptance
and continuance of client relationships and specific engagements, designed to
provide the firm with reasonable assurance that it will undertake or continue
relationships and engagements only when the firm
a. is competent to perform the engagement and has the capabilities,
including time and resources, to do so; (Ref: par. .A11)
b. can comply with legal and relevant ethical requirements; and
c. has considered the integrity of the client and does not have information
that would lead it to conclude that the client lacks integrity.
(Ref: par. .A12–.A13)
.28 Such policies and procedures should
a. require the firm to obtain such information as it considers necessary
in the circumstances before accepting an engagement with
a new client, when deciding whether to continue an existing engagement,
and when considering acceptance of a new engagement
with an existing client. (Ref: par. .A14)
b. require the firm to determine whether it is appropriate to accept
the engagement if a potential conflict of interest is identified in
accepting an engagement from a new or an existing client.
c. if issues have been identified and the firm decides to accept or
continue the client relationship or a specific engagement, require
the firm to
i. consider whether ethical requirements that exist under
Interpretation No. 102-2, "Conflicts of Interest," under Rule
102, Integrity and Objectivity (ET sec. 102 par. .03), apply,
4
CPA Practice Aids, LLC
such as disclosure of the relationship to the client and
other appropriate parties, and
ii. document how the issues were resolved.
.29 To minimize the risk of misunderstandings regarding the nature,
scope, and limitations of the services to be performed, the firm should establish
policies and procedures that provide for obtaining an understanding with the
client regarding those services. (Ref: par. .A15)
.30 The firm should establish policies and procedures on continuing an
engagement and the client relationship that address the circumstances when
the firm obtains information that would have caused it to decline the engagement
had that information been available earlier. Such policies and procedures
should include consideration of the following:
a. The professional and legal responsibilities that apply to the
circumstances,
including whether there is a requirement for the firm
to report to regulatory authorities
b. The possibility of withdrawing from the engagement or from both
the engagement and the client relationship (Ref: par. .A16)
Client acceptance and continuance procedures are the foundation of the risk assessment process.
As discussed in SAS No. 8, management’s integrity is one of the elements of risk at the financial
statement level. High risk at the financial statement level requires more evidence to mitigate the
risk. Low risk requires less evidence. The impact of risk at the financial statement level on
engagement procedures will be discussed in other sections of these materials.
Risk at the Financial Statement Level
SAS No. 107 (AU-C 320) defines audit risk as the risk that the auditor may unknowingly fail to
appropriately modify his or her opinion on financial statements that are materially misstated.
Audit risk is subjective in nature and represents the likelihood misstatement will remain in the
financial statements after the auditing procedures are complete. SAS No. 107 (AU-C 320)
discusses risk at both the financial statement level and the assertion level. Engagement risk, or
overall engagement risk as it sometimes called, is audit risk at the financial statement level and is
primarily affected by the factors discussed below.
From a client acceptance and/or continuance form, and the related client investigation
procedures, we can evaluate:
1. Integrity of management.
2. Use of financial statements.
3. Potential for going-concern problems.
Integrity of Management
Questions concerning the integrity of management and the use of financial statements should
be documented in a client acceptance and/or continuance form. Management’s character and
compliance with a company’s internal control policies and procedures sets the standard for
5
CPA Practice Aids, LLC
behavior of other employees. The “tone at the top” becomes the control environment that
underpins all other elements of internal control and the auditor’s risk assessment process.
Use of Financial Statements
The use of audited financial statements may create a higher risk at the financial statement
level. For example, the user may place greater reliance on the audited financial statements
when they are submitted to a lender in connection with an application for credit, to a bonding
underwriter to obtain a performance bond for a construction contract, or to an attorney for
litigation support. The use of financial statements for high risk purposes increases the
likelihood of being sued by users. Such likelihood requires more reliable and more extensive
evidence to mitigate this risk.
Potential for Going-Concern Problems
SAS No 126 (AU-C 570)—Going Concern, formerly SAS No. 59, requires an evaluation of
the going concern assumption during planning. While management may have plans to
mitigate information contrary to the going-concern assumption, the presence of such
information and the potential for it materially affecting the financial statements under
examination should be considered when planning the desired level of evidence for the
engagement. The auditor should evaluate whether there is substantial doubt about the entity’s
ability to continue as a going concern for a reasonable period of time, at least one year. If
substantial doubt exists, the auditor should evaluate management’s plans to mitigate the
contrary information and plan to subjectively increase the overall level of evidence on the
engagement.
The Impact of Risk at the Financial Statement Level
The subjective level of risk at the financial statement level, best described as high or low, can
significantly affect the audit strategy, including the nature, extent and timing of procedures, and
the staffing and supervision of the engagement.
Procedures: High risk at the financial statement level calls for more reliable
procedures, increased sample sizes or greater audit coverage of the dollar amount of
account balances and performing procedures as of the client’s fiscal year-end. Low
risk will permit less reliable procedures, smaller sample sizes or lesser audit coverage
of account balances and performing procedures before year-end. In the discussions of
materiality concepts and sampling decisions later in these materials, the procedural
impact of high and low risk at the financial statement level will be considered.
Staffing and supervision: Responses to high risk at the financial statement level will
include assigning more experienced engagement personnel to the engagement and/or
increased executive supervision. Low risk will permit less experienced personnel
and/or less leader supervision. Because assigning personnel to engagements is one of
the elements of quality control in SQCS No. 8, firm administrative or engagement
files should contain documentation of these decisions during planning.
6
CPA Practice Aids, LLC
While the specific risk factors and their planned affects on the audit are considered during the
various aspects of the risk assessment process, they are best summarized and documented in a
Planning Document. Specific details are discussed later.
Increased engagement profits result when both high and low risk factors are linked to specific
auditing procedures during planning. CPAs in general are good at increasing procedures when
risk is high, but not very good at decreasing procedures when risks are low. The risk assessment
standards applicable to all auditing engagements emphasize the importance of modifying
procedures for both high and low risks. Using risk-based auditing requires an auditor to respond
to risks that come to his or her attention during risk assessment procedures. In areas where no
significant risks are discovered, the auditor can and should reduce the nature and extent of tests
of balances procedures. Remember, low engagement risk should always result in less audit work
and increased profits.
How to Perform and Document Risk Assessment Procedures at the Assertion
Levels
Risk of Material Misstatement
In SAS No. 107 (AU-C 320), audit risk at the account balance or transaction class level has three
components.



Inherent risk. The susceptibility of a financial statement assertion to a material
misstatement assuming there are no related internal controls.
Control risk. The risk that a material misstatement, which could occur in a financial
statement assertion, will not be prevented or detected on a timely basis by the entity’s
internal controls.
Detection risk. The risk that the auditor will not detect a material misstatement that
exists in an assertion.
The combination of inherent and control risk comprises the risk of material misstatement. As
discussed above, risk of material misstatement is assessed at both the financial statement and
assertions levels. The risk of misstatement must be assessed for relevant assertions and is usually
done by financial statement classification.
In our practices, we ordinarily would not make a complex analysis that would consider inherent
and control risk by financial statement assertion. We consider certain relevant assertions as we
plan auditing procedures for financial statement classifications. For example, existence and
valuation are most important when auditing accounts receivable; completeness is most important
for accounts payable. We’ll discuss financial statement assertions and their relationship to audit
objectives and types of tests in another section of these materials.
Understanding the Entity and Its Environment
SAS No. 109 (AU-C 315), Understanding the Entity, Its Environment and Assessing the Risks of
Material Misstatement, states:
7
CPA Practice Aids, LLC





The purpose of obtaining an understanding of the entity and its environment,
including its internal control, is to identify and assess risks of material
misstatement and to design and perform procedures that respond to such
risks.
Risk assessment procedures include inquiries of management and client
personnel, observation and inspection procedures and various analytical
procedures.
The auditor is required to obtain a sufficient understanding of the five
elements of internal control to evaluate their design and operation.
Substantive procedures must be performed for significant risks.
Tests of controls are required only when substantive procedures alone are not
sufficient to test financial statement assertions, such as the completeness
assertion for revenues.
Internal Controls
An evaluation of a client’s internal controls will be relative to the nature, size and
complexity of an entity. In a recent COSO report on internal control for smaller public
entities, the authors indicated that smaller public entities may have more informal internal
controls and that key controls would ordinarily be carried out by one or a few individuals.
The same is true for smaller non-public and non-profit entities.
As SAS No. 107 (AU-C 320) indicates, an entity’s key controls are the primary concern
for management, and for auditors. Key controls are those performed at the entity level
which can prevent deficiencies in other related control activities from causing material
misstatements. A small entity, for example, could have both a good accounting system
and good internal controls because an owner or manager with high integrity diligently
performs key controls such as signing checks and reviewing vendor invoices, examining
bank statements before and after reconciliation, viewing mail opening prelists and bank
deposit details, reviewing customer statements and/or aged trial balances of accounts
receivable, and so forth.
Underpinning the accounting system and the internal control activities is the control
environment. The control environment includes management’s attitudes and other factors
such as integrity and ethical values, commitment to competence, board of directors and
audit committee participation, management’s philosophy and operating style,
organizational structure, assignment of authority, and responsibility and human resource
policies and practices. All other elements of internal control are established and depend
on the control environment.
Cost-benefit considerations play a primary role in selecting the audit strategy and begin
with internal control evaluation decisions. Since an audit strategy can no longer contain a
default of control risk to maximum, material risks of misstatements must be identified to
ensure auditing procedures are sufficient to mitigate such risks.
8
CPA Practice Aids, LLC
Risk Assessment Procedures
Risk assessment procedures include all engagement activities from the planning phase up to the
development of the audit plan (detailed audit program). Below is an outline and brief discussion
of common risk assessment procedures and related documentation:
1. Making and documenting client acceptance or continuance decisions.
2. Reviewing prior year working papers, considering findings and conclusions, adjusting
journal entries, uncorrected audit differences and assessing their impact on the current
year’s risk assessment.
3. Reading the current year’s general ledger activity and preparing a memo documenting
parameters and findings.
4. Performing and documenting other preliminary analytical procedures (at least comparing
the current year’s unadjusted account balances with prior year adjusted balances).
5. Preparing flowcharts or memos documenting the client’s accounting and internal control
stems and the performance of systems walk-through procedures for major transactions
cycles.
6. Calculating tolerable misstatement by financial statement classification based on risk.
7. Completing applicable practice aids and other documentation from the firm’s accounting
and auditing manuals.
8. Preparing a linking working paper combining risk of misstatements due to error and fraud
to determine the level of risk of material misstatement and audit responses for relevant
assertions in material financial statement classifications.
9. Designing a detailed audit plan (program) that links significant risks with appropriate
procedures (tests of control, analytical procedures and/or detailed tests of balances).
The risk assessment standards make clear that all risk assessment procedures become
substantive evidence that contributes toward accomplishing audit objectives. When
considering the evidence necessary to decrease detection risk to an acceptably low level, the
performance of risk assessment procedures will reduce the evidence required from other
auditing procedures. This is a basic principle underpinning increased efficiency on all
audits.
Reducing or Eliminating Procedures
The key is to look for strengths in a client’s system of internal controls first. Strengths are key
controls designed and in operation to prevent material misstatements from occurring and going
undetected. Identifying strengths first will enable the auditor to determine when specific control
deficiencies are offset and when tests of balances procedures can be reduced or eliminated.
SAS No. 109 (AU-C 315) permits a CPA to consider prior years’ control risk assessment for the
client while evaluating current year control risk. Lower assessed levels of control risk, and risk
of material misstatement, from the prior years’ engagements creates opportunities for reducing or
eliminating procedures in the current year.
Audit Planning for Profits in Tough Times
9
CPA Practice Aids, LLC
Do We Really Have to Plan Small Audits?
In earlier years, auditors didn’t do much planning because audit procedures were designed on the
fly. The joke was that many did their audit planning in the back seat of the car on the way to the
client’s office! This was sometimes true then, and it may be today! Auditors often obtain an
understanding of a client’s business and industry, internal controls and operations and target the
areas where risks are high as they begin their fieldwork. All auditors complete audit programs,
some after the audit is completed.
While planning activities are required by the auditing standards, they are a key to completing
high-quality audits in the most efficient manner. Identifying risks of material misstatement in
the planning phase, for example, will enable an auditor to make inquiries, inspections and
observations regarding the risk circumstances to determine if additional substantive procedures
are necessary. On the other hand, when few or no risks of material misstatement are identified,
fewer tests of balances auditing procedures may be necessary. Proper planning benefits the
quality and profitability of both large and small audits.
Internal Control, Risk Assessment and Audit Strategies
Understanding Internal Control
Professional standards require an auditor to obtain an understanding of a client’s business and
industry, including its internal control. Unable to default to high control risk and perform only
analytical and tests of balances procedures, an auditor is required to obtain the understanding,
identify and evaluate risks of material misstatement due to error and fraud, and link the risks to
appropriate substantive procedures to prevent financial statements from being materially
misstated. Known as audit strategy, the understanding and documenting of internal controls is
integral to this process.
SAS No. 109 Definition of Internal Control
Paragraph 41 of SAS No. 109 defines internal control this way:
Internal control is a process—effected by those charged with governance, management, and
other personnel—designed to provide reasonable assurance about the achievement of the
entity’s objectives with regard to reliability of financial reporting, effectiveness and
efficiency of operations, and compliance with laws and regulations. Internal control over
safeguarding of assets against unauthorized acquisition, use, or disposition may include
control relating to financial reporting and operations objectives.
Internal Control and Audit Strategies
At the heart of each engagement’s audit strategy is the entity’s system of internal control.
Assessing risks of material misstatement (RMM) for each financial statement classification
requires an understanding of key controls at the entity and activity levels. The emphasis for
assessing RMM is on the design and operation of key controls, primarily at the entity level for
smaller entities. If key controls are designed and operating, formally or informally, it is unlikely
material errors or fraud can occur and go undetected. If key controls are not designed, or are
designed and not operating, control deficiencies are likely. Depending on the likelihood and
10
CPA Practice Aids, LLC
magnitude of the deficiencies, there may be significant deficiencies or material weaknesses, both
of which can be risks of material misstatements.
A Historical Perspective of Internal Controls
The Committee of Sponsoring Organizations (COSO) of the National Commission on Fraudulent
Financial Reporting (Treadway Commission) issued its first report stressing the importance of
internal control, the control environment, codes of conduct, audit committees, and internal audit
functions. In 1992, a COSO task force issued a report entitled Internal Control—Integrated
Framework, known as the COSO Report.
Among other things, the COSO Report defines internal control and its components and provides
criteria for evaluating internal control. The report presents these interrelated components of
internal control:





Control Environment—The core of any business is its people and the environment in
which they operate. The environment is primarily set by management personnel.
Risk Assessment—The entity must be aware of and deal with the risks it faces.
Control Activities—Control policies and procedures must be established, formally or
informally and applied to address risks to the achievement of the entity’s objectives.
Information and Communication—These systems enable the entity’s people to obtain
and use information necessary to conduct, manage and control operations.
Monitoring—The internal control process must be monitored and changed as conditions
necessitate.
Internal controls over financial reporting include those that are designed to make sure financial
data is recorded, processed, summarized and reported consistent with management’s
representations (assertions) in financial statements. Management of an entity has the primary
responsibility for establishing and maintaining a system of internal control. An auditor’s job is to
assess whether the five components are designed and operating effectively given the nature, size
and complexity of the entity.
Key or Entity-Level Controls
Illustrated in the Small Audits Internal Control Questionnaire (SAICQ) published by CPA
Practice Aids, LLC, these small entity controls may be informal and ordinarily carried out by one
or a few persons such as an owner/manager. The design and operation of these key controls can
prevent material misstatements due to error or fraud from occurring and going undetected.
Successful operation of key controls, subjected to auditors’ tests of controls, may reduce control
risk to a moderate or even low level. Systems walk-though procedures performed by an auditor,
combined with substantive evidence from scanning the general ledger account activity, may
result in a control risk assessment less than high, even moderate. An assessed level of control
risk less than high can result in proportionate reductions of more expensive tests of balances
evidence.
Activity-Level Controls
The COSO Report states that control activities are the policies and procedures established to help
ensure that management directives are carried out. The key controls described above are primary
11
CPA Practice Aids, LLC
to accomplishing this objective. Absent the design of key controls, or when key controls are
designed but not operating properly, activity-level controls may be necessary to prevent
misstatements from occurring and going undetected.
These controls can be applied through features in an accounting software system, by personnel
while performing accounting procedures or by the design of documents or data. The SAICQ
mentioned above illustrates the activity-level controls for the financial statement classifications
of a small entity. If key controls at the entity level are not designed or operating properly, certain
activity-level controls may prevent errors from occurring and going undetected. Obtaining
knowledge of these controls should be part of the auditor’s risk assessment procedures. The
degree to which these controls may be regarded as substantive evidence by an auditor depends
on the extent to which tests of controls or systems walk-through procedures may be performed.
Can Owner/Manager Controls Be Audited?
Many auditors believe that owner or manager controls are unauditable because their performance
is usually not documented. Interestingly, audit risk assessment standards identify inquiries and
observations as acceptable procedures for testing controls, both key and activity level controls.
For example, obtaining a copy of a bank statement and asking a business owner how she
approaches its preliminary review before reconciliation may provide evidence that the assessed
level of risk of material misstatements for cash is less than high. This procedure will produce
reliable substantive evidence when the integrity of management is high.
An auditor’s evaluation of management’s integrity as high has at least two significant affects on
small audits. First, high management integrity normally means a stronger control environment
which reduces risk at the financial statement level. Lower risk mean less evidence is required to
reach a conclusion on the financial statements as whole. Second, high management integrity
means higher reliance can be placed on responses to inquiries in tests of key controls, thereby
reducing the amount of other substantive evidence necessary at the assertion level. Tests of
activity-level controls can also be performed by inquiries and observations of other employee’s
activities if the auditor has assessed their competence and integrity.
The answer to the headline question above is yes, owner/manager controls can be audited. Not
only are they auditable, selecting and serving clients employing management and other personnel
with good character and high integrity can increase both engagement and firm profits.
Considering the Prior Period’s Control Risk Assessment
The risk assessment standards of 2006 (and the Clarified Auditing Standards effective for
periods ending after December 15, 2012) opened an unexpected door..Auditors were given
permission, almost encouraged, to consider the affects of the prior period’s control risk
assessment on the current period’s control risk assessment. Focusing on the performance of tests
of controls, the standards indicated that if there was no significant change in policies, procedures
or personnel, the prior year’s control risk assessment could be used in the current period.
To reach such a conclusion, the auditor must at least make inquiries of client management
personnel and perform a systems walk-through procedure for two to five transactions in each
major transaction cyele. Common sense dictates that the best way to do this is by reviewing the
12
CPA Practice Aids, LLC
prior year’s internal control documentation with client personnel. Once a flowchart, an ICQ or
memo has been updated and the walk-through procedures documented with no significant
change, the prior year’s control risk assessment can be used to develop cost-beneficial audit
strategies and audit plans.
If there are significant risks of material misstatement found in updating internal control
documentation, the prior year’s assessment can not be used to mitigate such misstatements. In
this case, further substantive tests would be necessary to mitigate such risks and the control risk
assessment may be higher than the prior year.
Understanding Assertions and Types of Tests
The objective in this section is to lay a foundation for understanding financial statement
assertions, audit objectives, and types of tests that enable auditors to efficiently gather evidence
to reach conclusions on audits of financial statements. When the requirements of professional
standards are understood by auditors, decisions to perform only the minimum amount of work in
each engagement’s circumstances can be made. Previous sections have discussed the design of
cost-beneficial audit strategies. This section will clarify, expand on and apply these concepts.
Financial Statement Assertions (Overall Audit Objectives)
Assertions are representations of management that are embodied in all financial statement
classifications. Specific audit objectives are developed in each classification to enable the auditor
to evaluate relevant financial statement assertions. Auditing procedures are then performed to
accomplish the audit objectives and evaluate the financial statement assertions.
Below is an easy way to remember these common, relevant assertions that originated in SAS No.
106 (AU-C 500):
C ompleteness
To determine that all transactions and accounts that should be presented have been
included in the financial statements.
O ccurrence and cutoff
To determine that all transactions occurring during the period have been recorded in the
financial statements in the proper period.
V aluation and accuracy
To determine that all asset, liability, revenue and expense components have been
included in the financial statements at accurate amounts, classified properly.
E xistence
To determine that all recorded assets and liabilities exist at a given date.
13
CPA Practice Aids, LLC
R ights
To determine that the entity has rights to all assets recorded at a given date.
O bligations
To determine that all liabilities are obligations of the entity at a given date.
D isclosure and Presentation
To determine that all components of the financial statements and other transactions and
events are accurately classified, clearly described and disclosed.
Audit programs used by most CPA firms are designed in a standard, all-inclusive format that
includes the most conceivable auditing procedures. To ensure sufficient evidence is gathered to
evaluate all applicable financial statement assertions, the auditor must consider relevant
assertions during the risk assessment process and when designing and modifying audit programs.
Failure to eliminate certain unnecessary procedures may result in over auditing. Eliminating
other procedures without considering the relevant assertions applicable to each account balance
could result in collecting insufficient evidence. Eliminating all tests of controls, for example,
without adding other analytical or tests of balances procedures, may omit procedures for
evaluating the completeness assertion for revenue.
When deciding on appropriate auditing procedures, the auditor should select a test, or
combination of tests, that will provide evidence sufficient to mitigate the risk of material
misstatement. Considering the risks of misstatement in each material financial statement
classification, the types of tests selected should be the most efficient in the circumstances.
Basic Types of Tests
To build the foundation for designing the most cost-beneficial audit strategies, a thorough
knowledge of the basic types of tests is necessary. While the terms will be familiar to most
readers, their consideration here will provide perspective for the discussions in the remainder of
this section.
Tests of Controls—Compliance Transactions Tests (author’s words)
Compliance tests are designed as tests of internal control procedures or activities to determine:
1.
2.
3.
4.
The frequency with which the control procedures are performed.
The quality of the performance of the control procedures.
The person performing the procedures.
The design effectiveness of the procedures.
Owners or managers for small entities may perform key controls that are not documented. In
these circumstances, the auditor may assess compliance by making inquiries of an owner or
manager, inspecting supporting information as considered necessary, evaluating their responses
and documenting their compliance in a memo or on a working paper.
14
CPA Practice Aids, LLC
Tests of Controls—Substantive Transactions Tests (author’s words)
A substantive transactions test is an accounting system test designed to check for monetary
errors. Determining that all entries recorded in the cash disbursements journal are valid by
examining supporting documents, or that the extension of sales prices and units on sales invoices
are correct, are examples of substantive transactions testing procedures. Tests of controls are
often used as “dual-purpose” tests, i.e., both compliance and substantive tests of transactions are
performed. While both may supply sufficient evidence to evaluate applicable financial statement
assertions, it is more efficient to perform one or the other. Only a “handful” (10%-20%) of the
transactions need be tested substantively after compliance tests are performed.
If a client has limited internal controls, but has a good accounting system, a substantive
transactions test can be performed or an assessment made of control risk using other procedures
such as a systems walk-through procedure or tests of an owner/manager’s key controls by
making inquiries and/or observations of procedures and inspection of documents.
System’s Walk-Through Procedure
The system’s walk-through procedure is often the most cost-efficient, annual risk assessment
procedure auditors can use and is discussed for the first time in SAS No.109 (AU-C 315). It is
performed by tracing documents and data through the accounting system from the inception of
transaction cycles to their termination. Its primary purpose is to provide a good understanding of
the accounting system and any control procedures or activities for risk assessment purposes. The
walk-through procedure and scanning the general ledger account activity, coupled with good
prior year audit experience with a client, may permit an assessment of control risk at slightly less
than high to moderate. Lesser reliable procedures (nature) used for small details of an account
balance, along with lesser audit coverage of an account balance (extent) and/or performing some
procedures before year-end (timing) can result at lower assessed levels of risk. This procedure,
considered along with other risk assessment procedures, can provide substantive evidence that
may enable the auditor to reduce tests of balances, even on smaller audits.
Analytical Procedures (Striking it rich!)
Analytical procedures consist of absolute comparisons of dollar balances with prior years’
account balances, or with budgets, ratio comparisons and trend analysis, and computations based
on financial or operational data designed to predict the balance in a general ledger account.
Analytical procedures also extend beyond numerically-based procedures to become a part of an
auditor’s thought process. Challenging financial information or the lack of such information that
appears unusual, maintaining positive, healthy professional skepticism when considering client
responses to inquiries and searching for the cause of a problem beyond its symptoms are
examples of analytical thinking. The term “professional skepticism” is used in the literature to
describe this kind of thinking. It is loosely defined as neither blindly trusting every client or, on
the other hand, considering each client dishonest as substantive evidence is gathered.
The most common analytical procedures are corroborative in the nature. Their primary purpose
is to corroborate evidence gathered from other tests designed to evaluate financial statement
assertions.
15
CPA Practice Aids, LLC
When the results of analytical procedures contribute evidence to enable an auditor to evaluate
financial statement assertions, related tests of balances can be reduced, at least to a limited
extent. The extent of the reductions of tests of balances depends on the effectiveness of the
analytical procedures. Determination of the effectiveness of a procedure must be based on the
procedure’s contribution of evidence for evaluating the financial statement assertions. The most
effective analytical procedures are computations designed to predict the balance in a general
ledger account based on audited financial or operational data, e.g. quantity reconciliations and
reasonableness tests. Corroborating procedures performed at lower levels of detail are more
effective than corroborating procedures based on balances of financial statement classifications.
Reading (Scanning) the General Ledger
One of the most pervasive analytical procedures is reading, or scanning, the general ledger
account activity. Whether done manually, or with the assistance of data extraction software, this
analytical procedure is discussed in the auditing standards.
Many auditors perform this procedure but fail to consider its affect on their audit strategy. After
any errors that are discovered are corrected by proposed journal entries, the auditor has obtained
significant, substantive evidence that relevant assertions for many account balances are
reasonable. The evidence obtained from this and other risk assessment procedures should enable
the auditor to reduce the assessed levels of risk of material misstatement in financial statement
classifications and, therefore, the extent of evidence desired from detailed tests of balances.
This procedure is usually performed by searching for unusual amounts or postings, transactions
or general journal entries greater than the lower limit for individually significant items, checks or
disbursements to be used in support tests, and other unusual matters. Documentation of the
procedure should include the parameters of the test, the exceptions the test revealed and the
resolution of the exceptions in a spreadsheet, memo or other working paper.
Tests of Balances
Substantive tests of the details of general ledger account balances include, among other evidence
collection procedures, the following:






Physical examination of assets.
Confirmation of account balances.
Inspection of support for transactions and balances.
Observation of the work of client personnel.
Inquiries of client personnel.
Tests of the mechanical accuracy of balances.
The substantive tests of balances often make substantial contributions to evaluation of the
financial statement assertions. Compared to risk assessment and analytical procedures, tests of
balances procedures are, however, usually the most time consuming to perform.
Selecting the Strategy
To select the proper strategy and prevent over auditing, the auditor must consider (1) the
opportunity to assess risk of material misstatement at less than maximum; and (2) the relative
16
CPA Practice Aids, LLC
efficiency with which substantive tests of balances procedures can be performed. When a client
has good internal controls and/or a good accounting system, using tests of controls may be the
most cost-efficient strategy. However, when other risk assessment procedures are performed,
e.g., reading the general ledger and performing a systems walk-through procedure and slightly
reduced substantive tests of balances to evaluate applicable financial statement assertions in
minimum time, tests of controls would not ordinarily be necessary.
Since the evaluation of the risk of material misstatement is made at both the financial statement
and the assertion levels, and because tolerable misstatement must be determined for each
material financial statement classification, the auditor will achieve efficiencies by planning
unique audit strategies for each financial statement classification.
Establishing and Using Materiality Levels
Paraphrasing SAS No. 107, materiality judgments about financial statements are unique to each
environment in which judgments are made. Risk always affects materiality. Materially misstated
financial statements contain errors or irregularities that a reasonable person, considering the
quantitative and qualitative facts in the circumstances, would consider important enough to cause
an unfair presentation.
Preliminary Estimate of Planning Materiality
The preliminary estimate of planning materiality is the maximum amount by which the auditors
believe the statements could be misstated, by known or unknown error or fraud, and still not
affect the decisions of reasonable users. While professional literature does not require
quantification of a materiality level, most firms make an estimate of a dollar amount to guide
their judgments and procedures. Remember that this estimate is only a guide and is not a specific
determination of what is, and is not, material in an audit.
Usually, a single base such as the higher of total revenues or total assets is selected for the
financial statements taken as a whole. Once determined, the dollar amount of planning
materiality is multiplied by a factor to determine the portion available for known and unknown
error and fraud in the financial statements taken as a whole. This is tolerable misstatement, the
maximum amount of known error an auditor can accept in the financial statements without
adjustment.
A general range of 50% to 75% of planning materiality is used to calculate tolerable
misstatement at the financial statement level. Extremely low risk could enable an auditor to
calculate tolerable misstatement at an even higher level, say, 80% to 90%. When risk is higher at
the financial statement level, a lower level of tolerable misstatement will result in a lower limit
for individually significant items and more evidence from auditing smaller account balances,
general journal entries, unusual transactions, etc. Lower risk at the financial statement level will
result in fewer individually significant items.
Calculating Tolerable Misstatement and Individually Significant Items by Financial
Statement Classification
The Tolerable Misstatements Computation Form published by CPA Practice Aids, LLC presents
a general calculation of planning materiality for use as an overall guide for engagement planning.
17
CPA Practice Aids, LLC
This form also includes a specific calculation of tolerable misstatement and the lower limit for
individually significant items by financial statement classification, based on an assessed level of
risk of material misstatement for each classification, which should be used in sampling and nonsampling decision making. The process of determining tolerable misstatement and lower limits
for individually significant items at the financial statement level and the account classification
level is discussed in a later course in this small audit series.
Individually Significant Items for Financial Statements Taken as a Whole
Tolerable misstatement is the base for determining the lower limit for individually significant
items in the financial statements taken as a whole, generally from 1/6 to 1/3 of tolerable
misstatement, depending high risk or low risk respectively. For engagements with higher risk of
material misstatement at the financial statement level, individually significant items will
generally be those account balances, transactions or general journal entries in excess of 1/6 of
tolerable misstatement. When risk of material misstatement at the financial statement level is
lower, a percentage of up to 1/3 is commonly used for determining individually significant items.
When risk is very low at the financial statement level, some firms’ policies permit the lower limit
to be set at 50% to 60% of tolerable misstatement.
Time-Savings Opportunities
The concepts of materiality included in SAS No. 107 (AU-C 320) provide a framework for audit
quality. They also provide opportunities for saving time. Here are some of the time savings
opportunities:




Tolerable misstatement by financial statement classification will affect sample sizes
determined statistically or non-statistically. Using a higher level of tolerable misstatement
when risk at the assertion level is low or moderate results in fewer individually
significant items, smaller sample sizes and less audit work to achieve the desired level of
assurance.
Using a higher factor of tolerable misstatement at the financial statement or assertion
levels to determine the lower limit for individually significant items when risk is less than
high to moderate reduces work by auditing fewer individually significant items. Account
balances on the trial balance, individual accounts receivable balances and outstanding
checks on bank reconciliations that are less than the respective lower limit are examples
of details that can be excluded from testing.
Potential adjustments less than the lower limit of individually significant items can be
recorded on an Error Analysis Form (Audit Difference Evaluation Form) for error
analysis by the in-charge accountant, thereby limiting the number of proposed
adjustments to the trial balance.
Paper-passed adjustments require no further consideration or documentation.
Understanding Sampling and Non-Sampling Concepts
When SAS No. 39 was issued, concepts of risk and materiality had not been adequately
discussed in the professional literature. In fact, SAS No. 47, which contains risk and materiality
concepts, was not issued until sometime later. Without it, most practitioners could not understand
SAS No. 39 and its implementation took many years. A thorough understanding of the concepts
18
CPA Practice Aids, LLC
of risk and materiality is needed in order to understand sampling. This section will build upon
the previous discussions of these subjects.
SAS No. 39 (amended by SAS No. 111—AU-C 530) defines audit sampling as the application of
an audit procedure to less than 100% of the items within an account balance or class of
transactions for the purpose of evaluating some characteristic of the balance or class. Tests of
controls, accounts receivable confirmations, inventory observations, pricing and clerical tests,
vouching fixed assets and expense account balances and tests of purchases and sales cutoffs are a
few examples of procedures in which sampling applications may occur.
Deciding to Sample or Not to Sample
The sampling requirements in SAS No. 39 are applicable when sampling populations are
material (greater than the lower limit for individually significant items at the account
classification level) and other analytical and tests of balances procedures are not used to satisfy
audit objectives. A sampling population is the recorded population (account balance, class of
transaction, units, etc.) minus individually significant items.
Individually Significant Items
Selecting individually significant items is the process by which the sampling population is
derived. Individually significant items, instructs SAS No. 39 amended by SAS No. 111 (AU-C
530), must be audited 100%. For accounts receivable, a 100% audit would mean sending a
positive confirmation and/or performing alternative procedures such as examining subsequent
collections and shipping documents for an account to evaluate the existence and valuation
assertions. For inventories, a 100% audit includes observation of the physical inventory taking
procedures, making sufficient test counts and performing price testing and clerical testing to
evaluate the existence and valuation assertions. For tests of completeness of accounts payable,
major suppliers’ transaction records for confirmation and/or support for all subsequent
disbursements over a percentage of the applicable lower limit for individually significant items
for several weeks or months can be selected.
Deciding which items are individually significant requires reconsideration of the risk assessment
procedures and any tests of controls, systems walk-through procedures or analytical procedures
performed during planning that were considered in setting tolerable misstatement at the financial
statement and assertion levels. Some of these factors and their affect on the determination of
individually significant items (ISI) discussed above are:



Risk of material misstatement at the financial statement level—high risk will lower
tolerable misstatement and cause more items to be considered ISI. Low risk will result in
fewer ISIs.
Risk of material misstatement at the financial statement classification/assertion level—
high risk in the financial statement classifications being examined will result in lower
tolerable misstatement and more ISIs; low risk will produce the opposite.
Tolerable misstatement levels—lower levels of tolerable misstatement for individual
financial statement classifications will produce more ISIs, i.e., a greater percentage of a
classification would be subjected to audit. Higher levels of tolerable misstatement will
permit lesser coverage of account balance dollars.
19
CPA Practice Aids, LLC
If the sampling population is less than the lower limit for individually significant items, SAS
Nos. 39 and 111 (AU-C 530) will not apply unless the population has some unusual
characteristics such as a separate class of transactions or related party transactions. If the
sampling population is greater than the lower limit of ISIs, SAS Nos. 39 and 111 (AU-C 530)
will apply unless performing other analytical or tests of balances procedures can be used to
evaluate applicable assertions more efficiently.
Efficiency Should Always Be the Guide
The characteristics of a recorded population, and the relative ease of applying analytical and tests
of balances procedures in an audit strategy, guide decisions to sample or not to sample. If, for
example, the auditor can send 15 positive confirmations and cover 85% of the recorded
population, absent unusual items or a separate class of transactions in the remaining population, a
non-sampling approach would likely be most cost-efficient. On the other hand, auditing a
population with 1,000 small accounts having an average balance of $500, with limited variations
in the balances, would probably require a sampling application to be efficient.
Statistical applications for sampling are seldom used by firms except for special procedures such
as regression analysis to predict expectations in account balances for analytical procedures. Even
the once popular PPS statistical sampling method no longer has much support in practice. The
reason is sample sizes determined statistically, or by statistically-based non-statistical methods,
generally are larger and require more time than using an approach that considers risk and is
based on professional judgment.
High quality in every engagement is a top priority. A profitable, high quality engagement can be
produced when the design of the auditing procedures focuses on efficiency.
Planning for Finishing Engagements Functions and Responsibilities
Completing an engagement efficiently requires control and organizational skills. This section
discusses some of the key functions and responsibilities for engagement completion. It will be
covered in more detail in a later course in this small audit series.
Complete Engagement Performance Review
The in-charge is responsible for reviewing the work of all assistants and seeing that supervision
checklists are completed. The in-charge review should be conducted as assistants complete each
section of the engagement. Timely review and feedback can prevent assistants from making the
same types of documentation or procedural errors in other sections of an engagement.
Financial Statements, Footnotes, and Report Preparation
The in-charge is responsible for preparing, or assisting in preparing the end products of most
engagements. Planning for completing these documents, of course, must begin early in an
engagement. Reviewing the prior year’s working papers should include the financial statements,
footnotes and reports.
Using disclosure checklists or pre-designed disclosure working papers to guide the work of
assistants, disclosure information can be gathered efficiently as each section of an engagement is
20
CPA Practice Aids, LLC
completed. The financial statements, footnotes and report should be finalized before leaving the
field to prevent time-wasting return visits.
Report Review Conference between the Engagement Leader and the In-Charge
Accountant
The report review conference should be the final technical function for the engagement.
Accomplishment of the engagement objectives, conformance with firm policy, problem
resolution, and the financial statements, footnotes and report form and content should be the
primary subjects discussed. This conference, along with any independent report review function,
is the final key point for engagement quality.
Communication of Internal Control Deficiencies
All significant deficiencies and material weaknesses relative to the nature, size and complexity of
the reporting entity discovered during the risk assessment procedures and engagement
performance must be communicated to management. Significant deficiencies and material
weaknesses ordinarily result from omissions of key controls from the design of an entity’s
internal control system or from the failure to perform informal or formal key controls.
Since internal control is always relevant to the nature, size and complexity of an organization,
smaller entities may have only informal key controls performed by an owner or manager. In the
case of smaller entities, the internal control communication letter should communicate only those
deficiencies that are relevant to the smaller entity. Suggestions that relate to operational issues,
particularly those that save the client time or enable them to operate more profitably, are
obviously the best received.
Teaching staff personnel to document ideas for suggestions during the performance of the
engagement facilitates preparation of this communication during the completion phase of the
audit. Some firms are focusing on using these suggestions to sell additional services
engagements, and in some cases, develop business-planning engagements for their clients.
Administrative Wrap-up of Engagements
The administrative wrap-up of engagements should include the following functions, as they are
applicable for audits, reviews and full-disclosure engagements:
Scheduling and Completing Reviews
Timely completion of the review functions can make a major contribution to engagement
profitability. All reviews, including the tax provision/accrual review, leadere engagement
performance and report review, independent report review and engagement partner review,
as applicable, should be planned and scheduled in advance by the in-charge accountant. The
reviewers should be informed early if scheduled dates are changed. For maximum efficiency,
review functions should be performed in the field whenever possible. In this way, the
reviewer can avoid the usual telephone and office interruptions, can resolve problems while
staff personnel are still working on the engagement, and can use the opportunity to visit and
observe the client’s personnel and operations.
21
CPA Practice Aids, LLC
Since auditors’ reports are dated when all significant engagement procedures are completed
and the financial statements are available for issue, completing all levels of review in the
field, and obtaining the client’s approval of the financial statements and footnotes before
leaving the field, can eliminate extended subsequent events review periods. The in-charge
should carefully plan and assign staff assistants’ work responsibilities to coordinate with the
field reviews for timely and efficient completion of the engagement.
Obtaining Signed Correspondence
A correspondence control form should be maintained during the engagement by the in-charge
accountant to monitor the receipt of required correspondence. The engagement leader and/or
partner should determine that all correspondence has been received before signing and
releasing the report.
Furnishing Client with Proposed Adjustments
The in-charge accountant is responsible for furnishing the client with copies of all proposed
adjustments and reclassifications. All adjusting entries must be approved and posted to the
client’s records as of the reporting date. It is not normally necessary for the client to post
reclassification entries unless required by a CPA firm’s policies.
Review and “To Do” Lists
Lists of review and “to do” points are temporary records of possible additional work
necessary to complete an engagement. The results of any additional procedures performed or
additional information gathered in response to such points should be permanently
documented in the working papers. Any review or “to do” points that pertain to future
engagements should be summarized and included in a file bearing the next year’s reporting
date. All lists of review and “to do” points should be destroyed after engagement completion.
Using word processing software to type review notes and “to do” lists makes them easier to
read and easier to delete.
Time Savings for Next Year
Suggestions for modifying procedures on next year’s engagement should also be stored in a
file bearing next year’s reporting date. This information can be gathered throughout the
engagement or at its conclusion during a post-engagement meeting with staff personnel.
Collecting this information is most effective when memories of problems are fresh.
Report and Tax Returns Issuance
The in-charge accountant is primarily responsible for monitoring the engagement completion
and communicating with the engagement leader. The leader should resolve typing and
processing delays and communicate any changes of promised dates to the client promptly.
Every effort should be made to deliver reports and tax returns to clients on a timely basis.
Performance Appraisals
Performance appraisals, when a part of a CPA firm’s quality control procedures, should be
completed for staff personnel on engagements over a certain number of hours. To achieve
maximum benefits from these feedback mechanisms, appraisal forms should be prepared and
reviewed with staff peronnel immediately after the engagement’s completion. The forms
22
CPA Practice Aids, LLC
should be prepared honestly in accordance with the firms standards of evaluation and with
the purpose of building up and strengthening the firm’s staff resource base. Some firms will
not release audit reports until all appraisal forms are complete.
Time Budget and Control File
The in-charge accountant is responsible for the final time summarization, its reconciliation to
client time charges in the firm’s billing records, and its final comparison to budget. Reasons
for budget overruns should be documented in the file. Suggestions for next year’s possible
time savings should also be included. The file documents should be discussed with the
engagement leader prior to preparing the final client billing. Finally, preparation of a
tentative time budget for next year will facilitate future planning.
Policing Engagement Quality Control
While performing an inspection engagement for a CPA firm several years ago, I requested
working paper files for several clients from the file room. The papers in the files for one client
were literally covered with yellow sticky notes. Uncleared items, review notes, notes for next
year, and even a missing attorney’s letter were identified on the sticky notes although the audit
report had been issued nine months previously. While this is an extreme case, some firms have
implemented special quality control procedures to prevent this from happening to them. Auditing
standards require completion of an engagement within 60 days after the report release date.
Develop checklists to finalize the working paper files prior to their file room storage and have
this list monitored by an administrative employee. The checklists should be designed to prevent
the pre-peer review, panic cleanup of files. The files should be reviewed for various quality
control issues before being stored. Deficiencies or open items need to be communicated to the
engagement in-charge accountant along with a deadline for clearance. Maintain a tickler file to
control the location of the files and the date due for storage. Below are a few of the questions that
could be included on such a checklist:










Have all working papers been headed and initialed and dated by a preparer and reviewer?
Are all working papers indexed and properly cross-referenced?
Are all open items resolved?
Are all tick marks adequately explained?
Has all correspondence been received?
Have all audit program steps been completed?
Are all required forms and checklists included?
Have performance appraisals been completed?
Has a budget been prepared for the next year’s engagement?
Has the internal control and/or management letter been issued?
The Essence of Engagement Profitability—Efficient Wrap Up
Efficient engagement completion is a product of effective engagement planning. Failure to plan
properly throughout the engagement pushes problems into the completion phase of the job. Open
items are usually more difficult to close during wrap up than during fieldwork. Adopting a do-itnow policy for disposing of loose ends, and teaching the staff to follow it, will relieve
considerable pressure during the completion phase. Learning to anticipate common problems and
23
CPA Practice Aids, LLC
to achieve their resolution early will expedite the wrap up process. Planning the finish will
prevent a loss of control.
Conclusion
For small audits to be easy and profitable, all engagement personnel must know and comply with
applicable quality control and auditing standards, plan and conduct engagements in a timely and
orderly fashion, design unique audit strategies and plans for each engagement, and use common
sense, practical approaches to documenting the evidence collected to support conclusions on the
financial statements. Profitable engagements result from the consistent, on-going applications of
standardized policies and procedures that are applied uniformly throughout a CPA firm, from the
start of engagements to their completion.
24