Assess RMM at High and Avoid Internal Control Documentation?

Can an auditor assess the risk of material misstatement (RMM) for all transaction cycles and accounts at high and not gain an understanding of the auditee’s accounting processes and internal controls?

An auditor is always required to gain an understanding of the auditee’s accounting processes and internal controls.

What if the auditee has only ten transactions and the auditor plans to substantively audit each one?

Same answer: An auditor is always required to gain an understanding of the auditee’s accounting processes and internal controls.

Auditors cannot avoid the risk assessment procedures–understanding controls, brainstorming, planning analytics (to name a few). We are required to gain an understanding of the entity and its controls. The audit standards do not allow auditors to default to a high risk assessment in order to avoid the risk assessment and planning parts of an engagement–regardless of how small the entity is or how few the transactions are.

Are Your Audit Reports Dated in Conformity with Audit Standards?

The AICPA peer review checklist (May 2015 version) asks the following:

Is the report dated in conformity with the requirements of professional standards? [AU-C sec. 700.41]

The audit report should be dated no earlier than the date on which the auditor has obtained sufficient appropriate audit evidence on which to base the auditor’s opinion on the financial statements, including evidence that:

the audit documentation has been reviewed;
all the statements that the financial statements comprise, including the related notes, have been prepared; and
management has asserted that they have taken responsibility for those financial statements.

Suggestion for Dating Audit Reports

Scan your audit file for the latest dates. I look for the quality control and partner review dates that are (generally) performed last. The audit opinion date should not precede these review dates. Why? Our evidential matter is not complete.

For example, let’s say the engagement partner completes her review of the file on July 31, 2015; she signs off in the file using that date. The date of the opinion should not precede July 31, 2015. If we use an opinion date of July 25, then we are opining on evidential matter (i.e. audit file) that is not complete.

How to Start a Blog

Three years ago I knew nothing about blogging

From time to time I have readers ask me how to start a blog or how I started mine.

Picture is courtesy of

Picture is courtesy of

I recently responded to a reader. Here’s that email (almost unedited, so it may be a little rough around the edges):

Dear Mary,

I have been blogging for about three years. I am not “expert,” but here are some thoughts. (You may already know all or some of what I will share.)

Use WordPress

You’ll need to get a blog hosting service. I use Host Gator (but there are several good ones).

I used an ebook from Amazon to guide me through the steps of setting up my blog: it’s called 30 Minutes to a WordPress Website.—Step-ebook/dp/B007KSK0KU/ref=sr_1_1?ie=UTF8&qid=1436192256&sr=8-1&keywords=30+minutes+to+a+wordpress+website&pebp=1436192268240&perid=10305WX53RN06ZTYKSZ1

The book is just a $1 I think. Step by step instructions.

You might also check out Michael Hyatt’s post:  (He is the king of blogging/podcasting in my opinion and a really nice guy.)

Listen to Michael Hyatt’s Podcast: This is Your Life

I get plenty of good (free) ideas from listening to Michael’s podcast.

Pick a Nice Looking WordPress Theme 

There are plenty of nice looking free WordPress themes (I believe you get those when you download WordPress).

I use GetNoticed (as my WordPress theme); it is about $200.

Pick Your Interval for Posting

Your audience wants consistency, so if you can post at least once a week, that will be good. I try (but am not always successful).

Blogging Takes Longer Than I Anticipated

I had no idea how much time blogging would take, but it is substantial—usually at least five hours per week for me (and I do most of this at night). Even 500-word posts can take several hours. You may be able to do this much quicker than I.

Use Pictures

I purchase my pictures from; they are $1 each. They have a good selection. You will need to give attribution for each picture; I usually just put “Picture is courtesy of”

Readers love eye-candy. Video is even better (but that takes a great deal of time). You can embed videos into your posts. You will see an example on my sidebar at I shoot these with my camera at home. The cost for the camera, lights, microphone, etc. is about $1,500.

Traction Takes Time

It took, for me, about two years of posting to see any real traction. I now have about 300 to 400 visitors a day.

Stay Practical 

Readers want practical information that they can implement. CPAs love information that is useful (and free).

Build an Email List

Each person who subscribes to my blog provides me with their email address. 

You can build an email list by using GetResponse, AWebber, Mailchimp (and there are many more). I use GetResponse (which has a nominal cost but has more advanced features than MailChimp, which is free).

I offer free magnets (e.g., an ebook about fraud prevention) in exchange for the subscribers email address. Then I use my RSS feed to trigger weekly emails to my subscribers (providing them with all the new information I have posted). I can email those subscribers at any time (but I generally don’t do so unless I’ve got something really important to communicate—I try to keep my communications to a minimum—once a week). 

The Main Benefit


Readers come to know you as a person. I have built relationships through my blogging. People see that I am here for them.

Closing Thoughts

I started my blog as an effort to share what I’ve learned through the years and just to have the opportunity to become a better writer. I love blogging and am now considering a podcast.

Charles Hall

Closing Comment

If you are interested in blogging, I hope you will start one. If you have any questions, please post them here, and I will try to assist.

Red Flags of Governmental Fraud

Fraudsters unwittingly send signals--Do you know them?

Fraud is detected by tips more than any other way–over 40% in the most recent Association of Certified Fraud Examiners’ survey. And many of those tips came from employees who knew the signs of fraud.

How can governments make employees aware of fraud signals? Education.

Picture is courtesy of

Picture is courtesy of

Would your employees recognize fraud if it were occurring? Some red flags are obvious. Others are not. Here are some sample governmental fraud red flags:

External Red Flags

  • Unexplained increases in the wealth of an accounting employee or elected official
  • Employee personal problems such as a divorce, substance abuse, financial difficulties, legal problems
  • Employee living beyond his or her means
  • Unusually close employee association with a vendor

Cash Receipts and Billing Red Flags

  • Taxpayer complaints concerning nonpayment notices (even though payment has been made)
  • A pattern of customer complaints in the utility billing and collection process
  • Substantial write-offs of receivables without support
  • Unexplained decreases in revenues
  • A pattern of missing receipt forms

Disbursements and Purchasing Red Flags

  • Altered or incomplete supporting documentation for disbursements
  • Purchasing party (e.g., department head) picking up processed vendor checks rather than accounts payable personnel mailing them
  • Unexplained increases in expenses
  • Excessive expenses when compared to the budget
  • Vendors without physical addresses

Payroll Red Flags

  • Employees with no or little payroll deductions
  • Excessive overtime expenses
  • Excessive payroll expenses when compared to the budget

Capital Assets Red Flags

  • Winning bid appears too high; all contractors submit consistently high bids
  • Qualified construction contractors not submitting bids
  • Reports of missing capital assets
  • A lack of accountability for capital assets

General Red Flags

  • A refusal by accounting personnel to take vacations
  • Unwillingness to share accounting duties
  • Employee irritability or defensiveness
  • Complaints about inadequate employee pay
  • A lack of transparency in accounting
  • Rumors of unethical conduct
  • A history of corruption in the government
  • Financial decisions made by one person with little or no accountability
  • Undocumented journal entries
  • Untimely bank reconciliations
  • Inexperienced or lax accounting personnel
  • Missing accounting records

Just because a red flag exists does not mean that fraud has occurred, but it’s still important to know the signs. Often where there’s smoke, there’s fire. Teaching employees the signals of fraud can save your government a great deal of money.

To learn more about fraud prevention for governments, check out my book on Amazon.

How to Prepare for the New SSARS 21 Preparation and Compilation Standards

Planning now will save you time at year-end

I don’t know about you, but I’m wondering where the first six months of 2015 went. Soon it will be December 31, 2015, and the financial statements we issue with calendar year-ends will be subject to the new SSARS 21 guidance. Between now and then, we need to:

  • Learn the requirements of SSARS 21
  • Decide if we will issue financial statements using the preparation or compilation guidance
  • Prepare our new engagement letters
  • Update our compilation report language
  • Decide how we desire to organize our files for each service
  • Develop or purchase forms to conform to the new standards
  • Decide who can issue our various financial statement deliverables (monthly, annual, preparation, compilation)
  • Determine how to track our preparation engagements (since this is a new service)
Picture is courtesy of

Picture is courtesy of

Once January 1, 2016, rolls around (and you are really busy again), you will be glad you took steps now to ease your transition to SSARS 21. Here are a few tips.

Learn the Requirements of SSARS 21

How can you learn about the new standards? A CPE course will help. Also, I will soon publish my new book on Amazon which will provide you with a quick guide to the standards. Don’t want to buy a book? Read my post SSARS 21 – The Lowdown, which will give you a quick overview. Either way, understanding the new standards will aid you in making the decision about whether to continue issuing compilation reports or start using the preparation of financial statements option.

By subscribing to my blog, you can download:

  • Sample preparation financial statements and
  • A sample preparation engagement letter

Decide How to Issue Financial Statements

Once you have a good understanding of SSARS 21, you will know whether you desire to issue financial statements using:

  • Section 70 of SSARS 21 (Preparation of Financial Statements) or
  • Section 80 of SSARS 21 (Compilation Engagements)

In terms of expected engagement time, I don’t see a substantial difference in the two options.

Both options allow/require the following:

  • The accountant can omit substantially all disclosures
  • A signed engagement letter must be obtained
  • The cash flow statement can be omitted
  • Selected disclosures can be provided
  • General purpose (e.g., GAAP) or special purpose (e.g., tax-basis) reporting frameworks can be used

One main difference: you will issue a report for compilations. A report is not issued for preparation engagements (though a disclaimer can be provided).

Preparing Engagement Letters, Reports, and File Structure

How can you create higher quality and efficiency? Create templates.

What is a template? It’s simply a model set of work papers

Electronic templates provide you with a set of work papers to begin your new engagements. While an electronic template is best, even a paper-based model will enhance your quality and efficiency.

Your preparation engagement template could include the following sample documents:

  • An acceptance and continuance form
  • Engagement letter
  • A form documenting judgments and consultations
  • Tax-basis financial statements including:
    • Sample financial statements with appropriate financial statement titles
    • An appropriate legend on each page (if that option is used), or
    • Disclaimer (if that option is used)

A compilation engagement template could include the following sample documents:

  • An acceptance and continuance form (include your consideration of independence)
  • Engagement letter
  • A form documenting judgments and consultations
  • GAAP financial statements including:
    • Compilation report
    • Sample financial statements with appropriate financial statement titles
    • Sample note disclosures

The key is to create templates of the work products you expect to issue most often. If you expect your preparation of financial statement engagements to include tax-basis and GAAP statements, then create templates for each.

Does your firm have a concentration in one niche? Maybe your company issues several physician practice compilations. If so, create a physician practice compilation template.

When creating your templates, compare your engagement letters to your sample financial statements to see if the following agree:

  • Financial statement titles
  • The individual financial statements (e.g., balance sheet)
  • The basis of accounting
  • Supplementary information
  • Departures from the applicable basis of accounting

How else can you increase quality?

Once you’ve created the templates, vet them with relevant AICPA peer review checklists. For example, use the compilation-without-disclosure peer review checklist to review your compilation-without-disclosure template. AICPA peer review checklists are free and can be downloaded at the AICPA website. Use the most recent checklist (they are often updated ).

Minimum Documentation

SSARS 21 states that the minimum documentation requirements are as follows:


Preparation of

Financial Statements


Engagement letter



Financial statements



Accountant’s report



Consider establishing minimum work paper requirements. What work papers are required for each type of engagement? Will your firm require a preparer sign-off for each work paper? When the partner or manager reviews the work papers, will she initial each reviewed work paper or just a summary review sheet?

Authority to Issue Deliverables

Determine who has the authority to issue financial statements and compilation reports. Here are a few questions to consider:

  • Who has authority to issue financial statements using the preparation guidance?
  • Who has authority to issue financial statements using the compilation guidance?
  • Will your firm require a second partner review of each initial preparation engagement?
  • Will a second partner review your firm’s annual compilation reports?

Tracking Preparation Engagements

Click here for information about whether your firm is subject to peer review. If your firm is subject to peer review, then your peer reviewer will need to know the number of preparation engagements issued. Here is a post about doing so.

Simple Summary

  • Start now to prepare for the transition to SSARS 21
  • A CPE course will assist you in understanding the new requirements
  • Well designed preparation and compilation templates will:
    • Enhance your firm’s compliance with professional standards, and
    • Increase your efficiency
  • Create templates for those work products that you expect to issue most often (e.g., tax-basis preparation financial statements)
  • In developing your templates:
    • Include the minimum required work papers and reports
    • Vet your templates using the AICPA peer review checklists
  • Determine who has the authority to issue different work products (e.g., preparation, compilation, monthly, annual)

Have You Started?

What about your firm? Have you started your transition to SSARS 21? If yes, are there other tips you would offer?

Note: While SSARS 21 is effective for periods ending on or after December 15, 2015, you can early implement. This post did not cover review engagements (SSARS 21 does encompass reviews).

New SSARS 21 Book

My SSARS 21 book is now available on Click here to see the book: Preparation of Financial Statements & Compilation Engagements.

Nonattest Services and Independence: What Peer Reviewers are Looking For

Why we (CPAs) need to pay more attention to nonattest services

Future peer reviews will have an increased focus upon nonattest services provided to attest clients. How do we know? Well, see the new peer review checklist questions below (for an attest engagement).

nonattest services

The big “no-no” is to assume management responsibilities and then perform an attest service. Here are additional questions from the peer review checklists. Notice the first item below: Accepting responsibility for the preparation and fair presentation of the client’s financial statements. The client must assume responsibility for the financial statements, even if we (as the CPA) prepare them.

If we prepare financial statements and perform an audit, review, or compilation, we have performed a nonattest service (preparation of financial statements) and an attest service (audit, review, compilation). Why is this important? Because if we perform a nonattest service and an attest service for the same client, we must assess our independence. And if we are not independent, then we can’t perform an audit or review engagement.


The peer review checklists also ask for:

  • The name and title of the client personnel overseeing the nonattest service and
  • A description of the accountant’s “assessment and factors leading to your satisfaction that the client personnel overseeing the service had sufficient skills, knowledge and experience”

Interestingly, later on in the peer review checklist (the one I’m presently referring to is the Not-for-Profit checklist), the following appears:

Does the auditor’s assessment of the skills, knowledge, and experience of client personnel overseeing non-attest services appear reasonable given indications within the engagement? Consider whether the auditor performed significant reconciliations and took into consideration the extent and significance of adjustments and journal entries, the control deficiencies, and so on.

Translation: If the auditor made several significant journal entries to clean up the records, does the client possess sufficient skill, knowledge, and experience?

Documentation of Nonattest Services

So do we need a new form to document our independence?

It certainly would not hurt to add a new form to document our independence. PPC offers such a form (and I am sure other work paper providers do the same). What I like about such forms (at least the one I have seen) is they provide us with a place to document all nonattest services and then to assess and document our client’s ability to assume responsibility for the nonattest services provided.

If the client can’t–or is unwilling to–assume responsibility for the financial statements, then we are not independent, and we cannot perform an audit or a review. This assumption of responsibility does not mean the client has the ability to create the financial statements, but it does mean that:

  • that the client will oversee the nonattest service,
  • that the client will evaluate the adequacy and results of the nonattest service, and
  • that the client will accept responsibility for the nonattest service

Documentation of the above in our engagement letters is sufficient to meet standards (even though I like the idea of adding a separate independence form to the file). We should–in the engagement letter–specify the nonattest services and the responsibilities of management.

We have, for some time now, included the client responsibility language (about overseeing, evaluating, and accepting) in our engagement letters. But the language referring to nonattest services usually addressed tax preparation, depreciation schedule preparation, bookkeeping and the like. Now preparation of financial statements should be included as another nonattest service (assuming the accounting firm prepares the financials, which we usually do).

The requirement to treat financial statement preparation as a nonattest service is effective for engagements covering periods beginning on or after December 15, 2014.

How to Find Sample 5500s and Audit Reports

CPAs love example tax returns and reports

Do you need to see sample 5500s or benefit plan audit reports?

You can find them here.

The DOL search screen appears below:

sample 5500s and audit reports

Searching for “Chicago Academy” results in the following:

DOL results

Filings for plan years prior to 2009 are not displayed on this website. Many benefit plans are not required to have an audit (you will not see an audit report for those plans).