Regulatory Compliance Checklist

Financial Reporting Standards

    Document whether the entity reports under US GAAP or IFRS and list any FASB ASUs effective this period (e.g., ASC 842 lease tracking, ASC 326 CECL for financial assets). Note any newly adopted standards that change the prior-year comparison.

    Each footnote should trace to a working trial balance lead schedule. Common gaps: related-party disclosures, subsequent events through report date, lease maturity tables, going-concern assessment.

    Update revenue recognition, capitalization thresholds, depreciation methods, and inventory valuation policies. The controller signs off; a stale policy memo is the first thing an auditor flags during the walkthrough.

Tax Compliance

    Confirm 1120-S and 1065 filed by Mar 15; 1120 and 1040 by Apr 15. Tie quarterly 941s to W-3 totals and to GL payroll-tax expense. Flag any unfiled extensions (Form 7004 / 4868).

    If any federal return is past due, prepare a reasonable-cause statement and assess first-time abate eligibility. Document the timeline and circumstances; the IRS rejects boilerplate.

    Pull revenue by ship-to state and compare to post-Wayfair economic-nexus thresholds (commonly $100K or 200 transactions). Verify Avalara or TaxJar is registered in each tripped state. Retroactive registration under VDA is the fix when nexus was crossed silently.

    Pull every vendor paid more than $600 for services. Confirm a current W-9 on file and exclude corporations (with the attorney and medical-payment exceptions). 1099-NEC due Jan 31 — late filings hit per-form penalties.

Internal Controls and Risk

    Document the bank rec preparer-vs-reviewer split, AJE approval threshold, and wire-release dual control. Test one transaction per key control; failures go on the management letter draft.

    Pull the user permissions report. The bookkeeper who enters bills should not also release payments in Bill.com. Cash handling, recordkeeping, and reconciliation should sit with three different people; if headcount is too small for that, document the compensating review controls instead.

    Pull current SOC 1 Type II reports for Gusto, ADP, Bill.com, NetSuite, and any other service organizations affecting financial reporting. Read the complementary user entity controls (CUECs) and confirm each is implemented.

Ethics and Governance

    Run the client list against attest engagements (audit, review, compilation with assurance). Bookkeeping for a review client breaches independence under most state-board interpretations of SSARS. Cross-selling teams trip this most often.

    Partners and managers complete a fresh COI questionnaire covering personal investments, family employment at clients, and outside board seats. Anything new gets routed to the managing partner before sign-off.

    Pull the CPE tracker and confirm 40+ hours per license holder for the reporting year, including the state-required ethics hours. A lapsed license means the firm cannot sign attest reports until it is reinstated.

Anti-Money Laundering

    Determine whether the firm or its clients fall under BSA reporting (MSBs, broker-dealers, certain advisory clients). Note FinCEN Beneficial Ownership Information (BOI) reporting obligations for reporting companies under the Corporate Transparency Act.

    Document the beneficial owners (25%+) for each entity client added this year. Screen names against OFAC SDN and PEP lists. File the CIP record in the client folder; auditors and bank-relationship reviews ask for it.

    Cover SAR red flags, structuring, and the firm's escalation path. Training log goes in the compliance folder; FinCEN exam-readiness depends on dated attendance records.

Data Privacy and Security

    Every paid preparer must maintain a Written Information Security Plan. Refresh the asset inventory, designated security coordinator, encryption standards, and incident-response playbook. The FTC Safeguards Rule expects annual review and a documented risk assessment.

    Identify the states where clients or staff reside. CCPA/CPRA, NY SHIELD, and MA 201 CMR 17 each have unique notification and safeguard rules. Note GDPR exposure if any clients have EU operations.

    Managing partner and compliance lead review findings, document remediation owners and dates, and sign. Open items roll into next quarter's compliance committee agenda.