May 2, 2021

Successfully Preparing For Year-End Audits of Privately-Held Clients

Year-end is typically a busy time for external auditors, even without the added stress of the COVID-19 pandemic. But as most CPA firms know, the hectic atmosphere is not a reason to neglect a highly-developed, measured, methodical year-end audit strategy plan.

In addition to meeting a CPA firm’s quality control standards, audit engagements are subject to a peer review or outside monitoring process — and a peer review report with a rating of pass with deficiencies, or fail, may shake the core confidence of a CPA firm’s leadership, clients and the public interest. Collemi Consulting professionals have been called in when CPA firms have encountered negative peer review results, and we’ve been asked to address some commonly cited matters.
To begin with, a well-crafted audit will address and satisfy the following issues:


  • Common peer review challenges
  • Audit planning and supervision
  • Audit risk and risk assessment procedures
  • Obtaining and documenting an understanding of the audit client and its environment, including its internal controls
  • Materiality considerations
  • Linking audit procedures to mitigate the risks identified and reach audit conclusions
  • Required auditor communications


The auditor’s overall objective when conducting a risk-based approach to audits of financial statements is to provide reasonable assurance that the financial statements, as a whole, are free from material misstatement, enabling the auditor to express an opinion on whether the financial statements are prepared, in all material respects, in accordance with accounting principles generally accepted in the United States of America (U.S. GAAP).


Avoidance of Common Peer Review Issues
Frequently cited mishaps with respect to risk assessment include:

  • Failure to link the substantive procedures performed to the results of the risk assessment
  • Audit procedures not linked to the client’s financial statement and relevant assertion-level risks for significant classes of transactions, account balances, or disclosures
  • Designing audit procedures with little regard for the results of that assessment as required by AU-C 315, Understanding the Entity and its Environment and Assessing Risks of Material Misstatements.


Risk Assessment Shortcomings

Peer reviewers often cite shortcomings in auditors’ understanding of the entity and its control environment. This includes a failure to understand the entity’s internal controls. When conducting your risk assessment, it’s useful to remember that your assessment will generally be more effective at the start of the engagement, and that internal control procedures may be performed before the risk assessment document is completed. The auditor, however, is not required to test internal controls unless mandated under certain circumstances.


Other critical points to keep in mind include the importance of having strong audit workpaper documentation; and that the risk assessment process is an iterative one: repetition in order to generate a sequence of outcomes. Also, the AICPA Professional Standards have changed over the last decade due to the issuance of the suite of risk assessment standards and Clarity requirements.


Please note that practice aids are no substitute for understanding the Professional Standards. Although auditors are only required to document their understanding of the factors that help them draw conclusions, auditors are still responsible for maintaining adequate documentation, and it’s their responsibility to meet Professional Standards.


Audit Documentation Dilemmas

Audit documentation is defined as “the record of audit procedures performed, relevant audit evidence obtained, and conclusions the auditor reached.” Audit documentation should be sufficient to enable an “experienced auditor” — one who is independent and competent enough to challenge the engagement team’s procedures and conclusions — to understand such characteristics as the nature, timing, and extent of the audit, the results of the audit procedures performed, and any significant findings or issues.


Properly executed, audit workpaper documentation can stand on its own without any verbal explanation by the auditor if it answers the 5 “W” and 1 “H” questions: Who?, What?, When?, Where?, Why?, How?


Audit documentation serves as:

  • Evidence that the audit was properly planned and performed in accordance with auditing standards generally accepted in the United States of America (U.S. GAAS) and Evidence of the auditor’s basis for a conclusion


To further increase audit quality, audit documentation should provide sufficient and appropriate evidence that:

  • Risk assessment procedures were performed
  • There was appropriate response to address the risk of misstatement at the financial statement level
  • The nature, timing and extent of audit procedures performed were adequate for the engagement
  • There was linkage of those procedures with the assessed risks
  • The results of the audit procedures
  • Conclusions reached
  • Significant risks were reasonably considered


Audit workpapers should also reflect justification for any departures from presumptively mandatory requirements. They should also identify individuals who performed the work, when it was completed, the person who reviewed the work, and the date and extent of the review.


Audit workpaper documentation should also identify characteristics of the specific items tested, and discuss significant findings or issues with management or those charged with governance. Any information that contradicted or was inconsistent with the final conclusion on a significant audit finding or issue that was addressed should also be documented.


Don’t Forget About Litigation Attorneys

Over the years we’ve worked with litigation attorneys who have shared some “flash points” with us about notes and other workpaper matters that can come back and haunt the auditor. To be on the safe side, these are some real-life phrases and other items that should not make an appearance in your audit workpaper files:

  • Extraneous remarks or irrelevant memoranda, like “the client’s books are a complete mess” or “these expenses seem questionable”
  • Auditor statements that discredit their own work: “close enough for government work”
  • Personal files containing memos, schedules, and other matters related to an engagement
  • Superseded or outdated workpapers


Elements of properly prepared workpaper files include: initialing and dating each audit program step, signing off any audit program step as not applicable “N/A,” or as not considered necessary “N/C/N”, followed by an explanation. Any “Open Items Lists” should be reviewed and any conclusions regarding unique issues should be thoroughly documented. Additionally, time budgets explaining any overages and underages should be maintained, and the completion date should be documented. Professional Standards require that workpapers should be retained for a minimum of five years from the report release date — although practice, legal, regulatory, or other factors may dictate a longer retention period.


Don’t Forget Your Independence

The AICPA Code of Professional Conduct requires auditors to be independent in both fact and appearance. Auditor independence issues can be classified into four high-level areas:

  • Financial interest
  • Family relationship
  • Management function
  • Management decision making


In order to perform permissible non-attest services, the audit client must first agree to:

  • Make all management decisions and perform all management responsibilities
  • Designate an individual with suitable skills, knowledge, and/or experience, preferably within senior-level of management, to oversee the performance of the non-attest services
  • Evaluate the adequacy and results of the non-attest services
  • Accept responsibility for the results of the non-attest services
  • Establish and maintain internal controls, including monitoring ongoing activities


Auditors should exercise caution when it comes to certain “independence” matters that can raise red flags about their independence in a peer review or litigation matter. Some areas include:


  • Providing multiple non-attest work products
  • Significant concentration of revenue coming from one audit client
  • Taking on management responsibilities
  • Providing consultation that goes beyond routine advice
  • Inadvertently engaging in other non-compliance activities like performing non-attest services for a company before it becomes an attest client; loaning staff members to an attest client; certain mergers or purchase of a CPA firm; employment of, or association with, an attest client; performing attest services for a client with unpaid fees; and engaging a client employee


Other red-flag issues include financial interests in an attest client and their affiliates, the adequacy of fees being charged, and the existence of group audits.

Learn More

There’s still time to fulfill your 2025 CPE requirements

February 3, 2026
If you find yourself short on Continuing Professional Education (CPE) credits for the three-year period ended 2025, there’s still time to get them. The American Institute of CPAs (AICPA) requires 120 hours of CPE credits every consecutive three-year period, with at least 20 hours in any single year. The Institute provides a two-month grace period, meaning you have until the end of February 2026 to pick up any remaining credits you still need. But keep in mind that those extra hours will not count towards 2026. This applies to both CPAs and non-licensed practice professionals who work in a public accounting firm that undergoes an AICPA peer review. Practice professionals are responsible for retaining their CPE certificates (which state the sponsor title and description of content, date, location, and number of CPE hours earned) to show evidence of attendance. The AICPA provides exemptions for practice professionals who are retired, unemployed, or who have temporarily left the workforce and do not hold themselves out as CPAs to third parties. The same applies to practice professionals who have formally placed their CPA certificate/license in inactive status with their State Board of Accountancy and do not hold themselves out as CPAs to third parties. Waivers are available for shortfalls due to health, military service, or extreme natural disasters. It’s easy to see how CPE can be perceived as a burden, but it’s worth remembering that AICPA requirements change , audit standards change , and that it’s important to stay current with emerging technologies like AI , which is bringing a sea change to the industry. And, of course, some things like Group Audit requirements can be more complicated than you imagine. CPE is a way to improve yourself and your attest practice, not a drain on it. Besides the AICPA CPE requirements, practice professionals who work on the following attest engagements have to further comply as follows: “Yellow Book” Engagements: If you work on audits subject to the Government Auditing Standards, including planning, directing, performing audit procedures, or reporting, you must complete 24 hours of CPE every two years. These must directly relate to government auditing, the government environment, or the specific or unique environment in which the audited entity operates. In addition, auditors who perform any amount of planning, directing or reporting on Yellow Book audits, and auditors who are not involved in those activities but charge at least 20% of their time annually to Yellow Book audits are required to take another 56 hours of CPEs, for a total of 80 every two years. Exemptions are available if you charge less than 40 hours annually to Yellow Book audits. ERISA Engagements: If your firm is a member of the AICPA Employee Benefit Plan Audit Quality Center and you work on, manage or sign audit opinions for Employee Retirement Income Security Act (ERISA) employee benefit plan audit engagements, you are required to take 8 hours of employee benefit plan-specific CPEs in every three-year period prior to signing an ERISA employee benefit plan audit opinion or managing an ERISA employee benefit plan audit engagement. Eight hours are required for every three-year period going forward. SEC Issuer and Broker-Dealer Engagements: if your firm is an independent registered member firm of the Public Company Accounting Oversight Board (PCAOB), each practice professional must complete 120 hours of CPE credits every three years, with at least 20 in any single year. Practice professionals who devote at least 25% of their time to performing audits, reviews or other attest engagements (excluding compilations), or who have partner, manager or in-charge responsibilities for the overall supervision or review of any such engagements, must obtain 48 hours of CPEs in accounting and auditing subjects every three years, with no less than 8 hours in any one year. Of course it’s easiest to do 40 hours each year, but circumstances sometimes get in the way. The important thing to remember is there’s still time to reach the 120-hour minimum for the three year period ended 2025! Collemi Consulting leverages over three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.

AI Has Come to Auditing: Are You Ready?

December 1, 2025
Artificial intelligence (AI) is now becoming more of a part of the auditing process, and if you’re not using it, it’s time to start! The benefits are huge, starting with the ability to automate repetitive tasks, review all data rather than sampling, and allow real-time auditing. AI is not the future of auditing, it’s here now! AI is fundamentally changing the nature of auditing, and you’ve got to become comfortable with that. If your continuing professional education (CPE) schedule doesn’t include learning about AI and its strengths and weaknesses, it should. There are plenty of resources available from organizations like the Institute of Internal Auditors , the Center for Audit Quality (CAQ) and the American Institute of Certified Public Accountants’ (AICPA) CPA.com . Auditors must now understand how AI systems work, what data they use, and where biases might occur. That said, what AI is not is a replacement for human auditors along with their professional judgment and skepticism. It’s a tool for humans to use. A big, game-changing tool, but it’s a tool nonetheless. But the key to success is that auditors must remain central to the process. This changes everything Auditing is changing from a process defined by manual data checks, sampling, and periodic reviews to one based on automation, analytics and continuous insight. First of all, AI can automate routine work like data entry, reconciliation and report generation, reducing the risk of manual errors and freeing up auditors to spend more time on more complex activities that require critical thinking. Second, AI and machine learning tools can comb through mountains of data — including live data — and flag anomalies, spot unusual patterns and potential risks, and generally make compliance lapses and fraud signals easier to detect. AI also learns from the data it reviews, making it easier to flag suspicious patterns and transactions that are outside of the norm as its experience grows. Third is that AI means eventually the end of audit sampling, as AI tools can look at the whole data set in a way that human auditors cannot possibly do and immediately find the “needle in the haystack”! Fourth, that live data part is another key benefit of AI: real-time, continuous auditing is now possible. Instead of spending weeks or months reviewing records, exception reporting can happen immediately, giving management time to take corrective action before a material misstatement can occur. The result is that the relationship with clients changes from one of episodic annual reviews to continuous collaboration. That is shifting the auditor’s role from analyst to advisor. This changes nothing AI is radically changing how auditors work, but it hasn’t changed why they exist or the core responsibilities of the public accounting profession. Auditing is still focused on providing independent, reasonable assurance that financial statements do not contain any material misstatements, whether due to error or fraud. AI technology can add to auditors’ capabilities, but the core of the process still relies upon trust, transparency and accountability, which is why it is vital that auditors remain central to the process. The insights provided by AI are powerful, but their accuracy and completeness must still be determined by the review and validation of auditors applying professional skepticism and judgement. AI can flag anomalies but it cannot interpret intent, understand context or evaluate plausibility. AI can be taught to understand a client's business model, but it cannot interpret the realities that the business faces, like strategic shifts, market & cultural pressures, and regulatory environments. Data must be interpreted with human context. Also unchanged is that auditors are personally and professionally accountable for their opinions. AI is a wonderful tool, but auditors are still responsible for validating what the AI does, documenting their reliance upon those tools, and retaining control over final conclusions. Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
Man in suit typing on laptop with

Group Audit Standards Are Changing. Are You Ready?

October 1, 2025
Generally speaking, group audits should be far more common than they actually are! On top of that, the new group audit requirements kick in next year, with some major changes: They have created a whole new class of “referred-to” auditors that must be considered when performing a group audit. And it’s time and past time to start preparing for that now. The American Institute of Certified Public Accountants’ (AICPA) Auditing Standards Board (ASB) issued SAS 149 that revises the definition of a “component auditor” and takes an updated risk-based approach to planning and performing a group audit. Issued in March 2023, SAS 149 goes into effect for audits of group financial statements for periods ending on or after December 15, 2026. Before we get into that, it’s vital to know that numerous times, auditors miss the fact that a group audit is necessary in the first place. That’s because determining what is and isn’t a “component” can be simple, but it’s not always obvious. Depending on how management runs its operations, a company can be a single entity with two or more different business activities means a group audit is necessary. When dealing with a single entity, many times, auditors see a single business or business line and miss what is really a separate “component” requiring a group audit, unless they have a consolidation of two or more subsidiaries staring them in the face. The question you should be asking yourself is, does the company have multiple product lines, service lines, branches, or anything else where the CFO and the CEO of the company manage their operations by tracking the performance of those multiple product or service lines? Are there multiple locations or divisions? It doesn't necessarily mean the company has to have a subsidiary or another legal entity that they control. Auditors are required to use professional judgment to determine whether a business activity represents a component, regardless of whether it is a separate legal entity. The current standard Group financial statements can include aggregated financial information from entities or business units like branches or divisions. If business units with separate management, locations, or information systems are aggregating financial information, you need a group audit. Here are some examples: Combined financial statements, when for example two companies are owned by the same person Consolidated financial statements, in which a company owns another company A joint venture A company organized by geography, for example American, Canadian and European units, each with their own general ledger A company with different business activities where performance is tracked separately A company that reports an equity method investment on its balance sheet Look at business activities first and determine if they are significant in terms of dollar amounts, or materiality, or if there’s a high risk in that part of the operations. Follow the flow of the numbers! SAS 149 kicks in Alongside the work of component auditors cited — for whose work the group auditor is responsible — there’s a new category: Referred-to auditors These are secondary auditors, brought in to issue their own opinion on a particular part of the operations that the group auditor will reference in their work. The new group audit standards make clear that the work of the referred-to auditor is relied upon in the final group audit, but was not carried out by the group auditor. These referred-to auditors are not component auditors under the terms of SAS 149, Special Considerations — Audits of Group Financial Statements (Including the Work of Component Auditors and Audits of Referred-to Auditors). SAS 149 is effectively telling group auditors to say very clearly, “Hey, we didn’t look at this part of the operation but we are referring to and relying upon this opinion.” The new standards also make clear that component auditors are part of the engagement team, whereas referred-to auditors are not. Risks grow For all that, the addition of referred-to auditors is not SAS 149’s most significant change: It provides an updated risk-based approach to planning and performing group audits. Under the existing standard a group engagement team is required to identify significant components at which to perform audit work. However, SAS No. 149 directs the group auditor to use professional judgment in determining the components at which to perform procedures, based on assessed risks. Just like the auditor is required to use professional judgment in determining what should or shouldn’t be a group audit. Collemi Consulting leverages over three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.
Business meeting: diverse group around a conference table, discussing, laptop in center.

Getting Involved with Boards and Committees

August 20, 2025
Once you reach a certain point in your career, say five to ten years in, it’s a good time to start getting involved with professional organizations ranging from associations, not-for-profits and state boards and committees. There are a lot of benefits to getting involved in professional organizations that start with making new relationships and even getting new clients, but go far beyond that. There are plenty of soft skills to be learned from being active in your profession. One is simply learning how to deal with businesses, professional boards and with non-profits. These are organizations that will ultimately be important to you and your practice, and knowing how to navigate them is a skill that will stand you in good stead throughout your career. A good place to start is with your local chapter of your State Society, the National Society of Accountants (NSA) and American Accounting Association (AAA), as well as your state board of accountancy . But there are others as well, even local and state Chambers of Commerce . Benefits include: Refining existing skills: You will utilize skills like financial management, budgeting and bookkeeping in new contexts. Gaining leadership and project management experience: Volunteering often means taking on leadership roles and overseeing projects. Staying current with industry trends and regulations: Staying up-to-date is a byproduct of getting involved. Expanding professional networks: Volunteering provides the opportunity to meet and build relationships with other accountants and business executives, work with leaders in your field, and meet potential mentors. Building a strong reputation: Actively contributing to a board or committee can enhance your standing within your field, which can be valuable for gaining new clients and career advancement. Increasing visibility: getting involved in projects and committees distinguishes you from peers and can demonstrate a commitment to your career. Professional development : Many organizations offer professional education courses, workshops and conferences that go beyond your required continuing professional education (CPE) requirements. Credentials and certifications: Many industry organizations offer professional certifications and credentials that can help differentiate you from your peers. All of these benefits can be tied back into your career and professional development. As your involvement grows over time, so will the benefits. You’ll develop a professional network of likeminded leaders in their fields of expertise that will help you advance your career both inside and outside of the organizations for which you volunteer. And as your commitment to these organizations grows over time, so will your leadership in them. Committee memberships will become committee leadership, with the resulting increase in visibility and prestige. Participation at events will turn into speaking opportunities and a higher professional profile. You’ll have the opportunity to influence policy and the direction of your whole industry. Your professional network will expand with higher-level and more advanced professionals within your field over time. You’ll also build a stronger resume, one that demonstrates both your commitment to your field and your expertise in it. Working with organizations outside your professional field like a chamber of commerce or local/state government can bring many of these benefits as well: Networking and meeting potential new clients, raising the profile of yourself and your firm, and simply learning how to interact with businesspeople and executives outside the profession. Five or ten years into your professional life is a good time to start branching out a little bit and do work that’s outside your firm. Beyond all this, there is a sense of personal fulfillment that giving back to your profession and community can bring. It’s important to get involved in issues that are important to you. Collemi Consulting leverages over three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101. 
More Posts