External Audit Preparation Checklist

Pull the signed engagement letter from the audit firm. Verify the engagement type (audit, review, or compilation), reporting framework (US GAAP vs. IFRS), reporting period, and fee structure. Flag any scope changes from prior year for partner discussion.

Set the planning call with the engagement partner and senior. Walk through the audit timeline, fieldwork dates, interim vs. final, and any new areas of focus (revenue recognition, going concern, subsequent events, ASC 842 leases).

Map each PBC line item to a named owner — cash to the staff accountant, revenue to the AR lead, payroll to HR, fixed assets to the controller. Auditors arriving to find half the PBC unassigned is the most common cause of fieldwork overruns.

Tie last year's passed and posted AJEs back to the current opening balances. Unposted prior-year adjustments are a common cause of beginning-balance qualifications and rep-letter back-and-forth.

Set the close date in QBO/Sage Intacct/NetSuite with a password. Once locked, any further entries require a documented AJE — no silent post-close edits, which auditors will catch in their roll-forward and call as a control deficiency.

Each balance sheet line gets a lead schedule that ties to the WTB and supports the balance with detail (bank rec, AR aging, AP aging, fixed-asset roll-forward, debt schedule, accrual workpaper). Unreconciled items over $1,000 or 30 days need a memo.

Accruals, deferrals, depreciation, lease ROU/liability remeasurement, allowance for doubtful accounts, inventory reserves. Every AJE needs a memo and supporting workpaper — auditors will request the support and a plug-to-RE entry is a guaranteed audit finding.

Balance sheet, income statement, statement of cash flows (indirect method), statement of equity, and footnotes. Use last year's footnotes as a starting point and mark every change. Common new-disclosure misses: ASC 842 leases, ASC 326 CECL, related-party, subsequent events.

Auditors will set their own materiality, but management should compute internal thresholds (typically 5% of pre-tax income or 0.5–1% of revenue) for the SAD list. Items below the SUM threshold can be passed; above performance materiality must be posted.

Update narratives for the major cycles — order-to-cash, procure-to-pay, payroll, financial close, IT general controls. Note any system changes (new ERP, payroll provider switch, new bank) that change the control environment from last year.

Map each key control to the financial statement assertion it addresses (existence, completeness, accuracy, cutoff, valuation). Identify control owner, frequency, and evidence retained. Auditors will sample from this list.

Run management's own test of design and operating effectiveness on each key control before fieldwork. Document exceptions with a remediation plan — the auditor finding the same exceptions you missed is a control reliance problem.

For each exception, document the root cause, compensating controls, and remediation timeline. Share with the audit team early — proactive remediation gets reported differently in the management letter than a finding the auditor surfaces first.

Request current SOC 1 Type II reports from payroll (ADP, Gusto, Paychex), 401(k) recordkeeper, equity admin, and any cloud ERP. Confirm the report period covers your fiscal year and review CUECs (complementary user entity controls) for items you must implement on your end.

Sign confirmation requests at year-end balances; auditors send directly through Confirmation.com. Also upload year-end bank statements, broker statements, and loan amortization schedules with covenant compliance calcs.

Year-end AR aging tied to GL, top-customer revenue detail, deferred revenue roll-forward, and ASC 606 contract analysis for any non-standard arrangements (multi-element, variable consideration, non-cash). Include the bad-debt allowance methodology.

Physical inventory count sheets and reconciliation to perpetual; fixed-asset roll-forward with additions, disposals, and Form 4562 tie-out; ASC 842 lease schedule with ROU asset, lease liability, and discount rate documentation.

Outside counsel needs at least 3 weeks to respond to the audit inquiry letter. List all pending and threatened litigation, claims, and assessments with management's assessment per ASC 450 (probable, reasonably possible, remote). Late legal letters delay the opinion.

List related-party transactions (officer loans, common-control entities, family) with terms and balances. Document subsequent events through the report-issuance date — Type 1 (recognized) vs. Type 2 (disclosed only). Auditors will ask again at the rep-letter stage.

Provision read-only ERP access (QBO, NetSuite, Sage Intacct), guest WiFi, conference-room booking, and Suralink or Caseware portal credentials. Confirm IT security review is documented if auditors are using their own laptops on your network.

Walk the PBC list line by line with the controller and CFO. Anything not green gets a date and an owner. This is the last chance to surface gaps before the audit team is on the clock.

List every incomplete item with the blocker (waiting on counterparty, system limitation, judgment call) and a target date. The CFO decides whether to delay fieldwork or enter with known gaps and a plan.

The rep letter dates concurrent with the auditor's report. CFO and CEO both sign. Read every assertion — fraud, related parties, subsequent events, going concern, completeness of minutes — and confirm before signing. This is the document that backs up auditor reliance.