Financial Audit Checklist

Pull last year's lead schedules, AJEs, management letter comments, and the prior opinion from Caseware or ProSystem fx Engagement. Note prior-year recurring AJEs — they're the most reliable predictor of where this year's misstatements live.

Meet with the controller and CFO to discuss changes in operations, new revenue streams, M&A activity, system migrations, and turnover in finance roles. Document changes that affect risk assessment under AU-C 315.

Independence rules differ by service level. Bookkeeping or controller services for the same client breach independence for a review or audit; preparation engagements under SSARS allow a reduced standard. Document the determination in the engagement file.

Document the benchmark (typically 5% of pre-tax income, 0.5%-1% of revenue, or 1% of total assets depending on entity type) and the haircut to performance materiality (usually 50%-75%). Tie threshold for clearly trivial errors is generally 5% of performance materiality.

Trace one transaction from order through invoicing, cash receipt, and GL posting. Identify key controls (credit approval, three-way match, reconciliation of unbilled revenue) and document in the control matrix.

Cover PO approval, vendor master changes, ACH release controls, and payroll change authorization. Vendor master and payroll bank-detail change controls are common SOC 1 weak spots in SMB clients on Bill.com or Gusto.

Pull a sample per AICPA sampling guidance — typically 25 for daily controls, smaller for weekly/monthly. Document deviations; one deviation usually means the control cannot be relied upon and substantive testing must expand.

If controls are reliable and effective, plan a controls-reliance approach with reduced substantive testing. If deviations are found or the entity lacks documented controls, fall back to a fully substantive approach. Document the decision and rationale.

Send standard bank confirmations (Confirmation.com) for every account, including zero-balance and closed accounts open during the period. Reconcile confirmed balances to the year-end bank rec and investigate stale outstanding checks > 90 days.

Send positive confirmations for balances above performance materiality; alternative procedures (subsequent cash receipts review) for non-responses. Roll forward the A/R aging from confirmation date to year-end.

Required under AU-C 501 when inventory is material. Perform test counts in both directions (floor-to-sheet and sheet-to-floor), note slow-moving and obsolete items, and document cut-off (last receiving and shipping document numbers).

Walk through the five-step model on a sample of contracts. Focus on performance obligation identification and timing of recognition — over-time vs. point-in-time errors are the most common ASC 606 misstatements in SMB engagements.

Test the last 5-10 invoices, shipments, and vendor bills before and after period-end against shipping and receiving documents. Cut-off errors at year-end inflate revenue and understate AP — partner review here is non-negotiable.

Tie the federal and state tax provision to filed returns (1120, 1120-S, or 1065). Review deferred tax roll-forward, NOL carryforwards, and uncertain tax positions under ASC 740. Check sales-tax economic nexus exposure across states with > $100K revenue.

Recompute each covenant ratio (DSCR, leverage, fixed-charge coverage, current ratio) using audited numbers. A breach without a waiver before year-end requires reclassification of long-term debt to current — a frequent finalization-stage surprise.

Request a written waiver from the lender dated before year-end. Without it, ASC 470-10-45 requires the entire balance to be classified current, which often triggers a going-concern evaluation.

Read minutes through subsequent-events cut-off date. Note approvals of major transactions, dividend declarations, related-party arrangements, and litigation. Cross-reference to journal entries and disclosures.

Roll all proposed AJEs into the SUM (summary of uncorrected misstatements). Evaluate both individually and in aggregate against materiality, considering qualitative factors (e.g., a small misstatement that turns a loss into income).

Engagement partner reviews high-risk areas, significant judgments, and the SUM. Concurring (EQR) review required for issuer audits and per firm policy on higher-risk private engagements.

Letter must be dated as of the report date and signed by CEO and CFO. Customize for unusual matters: related parties, going concern, fraud risk, subsequent events. Cannot issue the report without it.

Use the AICPA-conforming template for the opinion (unmodified, qualified, adverse, or disclaimer). Management letter captures control deficiencies — distinguish material weaknesses, significant deficiencies, and other matters per AU-C 265.

Cover required AU-C 260 communications: significant findings, accounting policies, estimates, difficulties encountered, disagreements with management, and the SUM. Document in the audit committee meeting minutes.