Financial Audit Checklist

Pull last year's lead schedules, AJEs, management letter comments, and the prior opinion from Caseware or ProSystem fx Engagement. Note prior-year recurring AJEs — they're the most reliable predictor of where this year's misstatements live.

Meet with the controller and CFO to discuss changes in operations, new revenue streams, M&A activity, system migrations, and turnover in finance roles. Document changes that affect risk assessment under AU-C 315.

Independence rules differ by service level. Bookkeeping or controller services for the same client breach independence for a review or audit; preparation engagements under SSARS allow a reduced standard. Document the determination in the engagement file.

Document the benchmark (typically 5% of pre-tax income, 0.5%-1% of revenue, or 1% of total assets depending on entity type) and the haircut to performance materiality (usually 50%-75%). Tie threshold for clearly trivial errors is generally 5% of performance materiality.

Push the PBC through Suralink or TaxDome with named owners and due dates per item. Track completion weekly — fieldwork starting with half the PBC outstanding is the single largest cause of fee overruns.

Trace one transaction from order through invoicing, cash receipt, and GL posting. Identify key controls (credit approval, three-way match, reconciliation of unbilled revenue) and document in the control matrix.

Cover PO approval, vendor master changes, ACH release controls, and payroll change authorization. Vendor master and payroll bank-detail change controls are common SOC 1 weak spots in SMB clients on Bill.com or Gusto.

Pull a sample per AICPA sampling guidance — typically 25 for daily controls, smaller for weekly/monthly. Document deviations; one deviation usually means the control cannot be relied upon and substantive testing must expand.

If controls are reliable and effective, plan a controls-reliance approach with reduced substantive testing. If deviations are found or the entity lacks documented controls, fall back to a fully substantive approach. Document the decision and rationale.

When controls fail, increase sample sizes for substantive testing, lower the tie threshold, and add procedures (e.g., 100% confirmation of A/R over performance materiality). Memo the expansion in the planning file.

Send standard bank confirmations (Confirmation.com) for every account, including zero-balance and closed accounts open during the period. Reconcile confirmed balances to the year-end bank rec and investigate stale outstanding checks > 90 days.

Send positive confirmations for balances above performance materiality; alternative procedures (subsequent cash receipts review) for non-responses. Roll forward the A/R aging from confirmation date to year-end.

Required under AU-C 501 when inventory is material. Perform test counts in both directions (floor-to-sheet and sheet-to-floor), note slow-moving and obsolete items, and document cut-off (last receiving and shipping document numbers).

Walk through the five-step model on a sample of contracts. Focus on performance obligation identification and timing of recognition — over-time vs. point-in-time errors are the most common ASC 606 misstatements in SMB engagements.

Test the last 5-10 invoices, shipments, and vendor bills before and after period-end against shipping and receiving documents. Cut-off errors at year-end inflate revenue and understate AP — partner review here is non-negotiable.

Test the allowance for doubtful accounts, inventory reserves, warranty accruals, and useful-life assumptions. Compare prior-year estimates to actual outcomes — repeated optimistic estimates suggest management bias.

Tie the federal and state tax provision to filed returns (1120, 1120-S, or 1065). Review deferred tax roll-forward, NOL carryforwards, and uncertain tax positions under ASC 740. Check sales-tax economic nexus exposure across states with > $100K revenue.

Recompute each covenant ratio (DSCR, leverage, fixed-charge coverage, current ratio) using audited numbers. A breach without a waiver before year-end requires reclassification of long-term debt to current — a frequent finalization-stage surprise.

Request a written waiver from the lender dated before year-end. Without it, ASC 470-10-45 requires the entire balance to be classified current, which often triggers a going-concern evaluation.

Read minutes through subsequent-events cut-off date. Note approvals of major transactions, dividend declarations, related-party arrangements, and litigation. Cross-reference to journal entries and disclosures.

Required under AU-C 501 to corroborate management's litigation, claims, and assessments representations. Send to every law firm engaged during the period; follow up on non-responses before report date.

Roll all proposed AJEs into the SUM (summary of uncorrected misstatements). Evaluate both individually and in aggregate against materiality, considering qualitative factors (e.g., a small misstatement that turns a loss into income).

Engagement partner reviews high-risk areas, significant judgments, and the SUM. Concurring (EQR) review required for issuer audits and per firm policy on higher-risk private engagements.

Letter must be dated as of the report date and signed by CEO and CFO. Customize for unusual matters: related parties, going concern, fraud risk, subsequent events. Cannot issue the report without it.

Use the AICPA-conforming template for the opinion (unmodified, qualified, adverse, or disclaimer). Management letter captures control deficiencies — distinguish material weaknesses, significant deficiencies, and other matters per AU-C 265.

Cover required AU-C 260 communications: significant findings, accounting policies, estimates, difficulties encountered, disagreements with management, and the SUM. Document in the audit committee meeting minutes.

Release through the client portal after partner sign-off. Archive the engagement file in Caseware or ProSystem fx within 60 days of report date per AU-C 230 — late archival is a peer-review finding.