Financial Statement Audit Checklist

Confirm the firm and engagement team meet AICPA Code of Professional Conduct independence rules. Run the conflict check against affiliates and beneficial owners. Common breach: a partner provided bookkeeping services last year and the engagement is now a review or audit — that's a SSARS / AU-C independence problem.

Document the reason in the conflict log, notify the client in writing, and either propose a remediation (rotate partner, drop disqualifying service) or decline. Do not proceed to engagement-letter execution without partner sign-off on remediation.

Engagement letter spells out scope (audit vs. review vs. compilation), fee structure, deliverables, and management's responsibilities for the financial statements and ICFR. Get it signed before any fieldwork — unsigned letters are the most common malpractice-claim trigger.

Send the prepared-by-client request list through Suralink, TaxDome, or Liscio at least 30 days before fieldwork. Tag each item with owner and due date. Track weekly with the controller — half-empty PBC lists at fieldwork start are the most common reason audits overrun.

Walk through changes since prior year: new revenue streams, M&A activity, debt covenant changes, accounting-policy elections, key personnel turnover. Capture in the planning memo per AU-C 300.

Update the understanding-of-the-entity workpaper: industry, regulatory framework, ownership, related parties, key contracts. Required by AU-C 315; reuse prior-year and document changes rather than starting from scratch.

Walk revenue, purchases-to-pay, payroll, and financial-close cycles end to end with the process owner. Identify key controls and points where misstatement could occur. Document in the cycle memo with screenshots from QuickBooks, NetSuite, or Sage Intacct.

For each key control, assess whether it is designed to prevent or detect a material misstatement and whether it has been implemented. Test of design only — operating-effectiveness testing is a separate decision driven by your reliance strategy.

Per AU-C 240, hold the fraud brainstorming meeting with the engagement team. Address revenue recognition risk and management override of controls — both presumed risks. Document incentive, opportunity, and rationalization factors observed.

Pull the working trial balance from the client's GL and tie each significant account to its lead schedule in Caseware or CCH ProSystem fx Engagement. Reconciling differences between the WTB and the lead must be cleared before substantive work begins.

Send bank confirmations through Confirmation.com. Test year-end bank rec for each account: trace deposits in transit and outstanding checks to the subsequent statement. Stale items over 90 days are an audit flag — agree write-off with the controller.

Select the sample using monetary-unit sampling sized to performance materiality. Send positive confirmations; perform alternative procedures (subsequent-receipt testing, shipping documents) for non-responses. Document the exception summary.

Observe the year-end physical count if inventory is material. Test count-tag controls, perform test counts, and reconcile to the perpetual records. Test lower-of-cost-or-NRV by sampling SKUs against recent sales prices.

Vouch additions over the scoping threshold to vendor invoices; confirm capitalization vs. expense per the client's policy. Recompute depreciation on the roll-forward and tie to the GL expense.

Confirm balances and terms directly with lenders. Recompute key covenant ratios (DSCR, leverage, fixed-charge coverage). A failed covenant without a waiver letter dated before year-end can force current-classification of long-term debt and trigger going-concern questions.

Per AU-C 560, inquire of management about events between year-end and report date. Read minutes, latest interim financials, and material contracts. Recognized vs. non-recognized events drive disclosure vs. adjustment treatment.

Per AU-C 570, evaluate whether substantial doubt exists about the entity's ability to continue as a going concern for one year from the report date. Consider recurring losses, negative working capital, covenant defaults, and management's mitigation plans.

When substantial doubt is not alleviated, add a separate section in the auditor's report titled "Substantial Doubt About the Entity's Ability to Continue as a Going Concern" per AU-C 570.20. Coordinate with the client on Note disclosure language before finalizing.

Letter must be dated the same date as the auditor's report and signed by the CEO and CFO. Include client-specific representations for unusual matters (litigation, related-party transactions, estimates). No rep letter, no report — this is a hard stop.

Use the AU-C 700 report format. Confirm the financial statements distributed to users match the version covered by the report. Release through the client portal with a signed PDF and watermarked draft removal.

Communicate significant deficiencies and material weaknesses in writing to those charged with governance per AU-C 265. Include management's planned remediation. Distinguish from "other matters" that are best-practice suggestions, not control deficiencies.

Cover required AU-C 260 communications: scope, significant accounting policies, management's judgments and estimates, uncorrected misstatements, disagreements with management, and difficulties encountered. Provide written deck and executive summary.