October 1, 2021

Getting Ready for Your Next Internal Inspection!

Every three years, most CPA firms and sole practitioners go through a mandatory peer review of their accounting & auditing (A&A) practice as outlined in the AICPA Peer Review Program.

During the two-off years, CPA firms are required to perform their own monitoring procedures to ensure their system of quality control is properly designed and operating effectively. Collemi Consulting has leveraged its 20-plus years of experience assisting CPA firm practice leaders to prepare for this rigorous oversight during the “breather” that follows busy season by having such services outsourced.


Designed to assess the quality of a firm’s audit approach, an internal inspection, just like a peer review, considers the leadership, culture and other elements of quality control attributes by analyzing a “snapshot” of its activities. The inspection involves more than just revisiting recently issued attest engagements — instead, it’s a matter of analyzing the CPA firm’s attest practice’s operations.


To prepare for your next peer review, CPA firms should consider establishing an ongoing system of monitoring and quality control, as outlined in the AICPA’s Statement on Quality Control Standard No. 8. The firm’s system of quality control should encompass the following six elements:

  • Leadership responsibility for quality within the firm (“tone at the top”)
  • Relevant ethical requirements
  • Acceptance and continuance of client relationships and specific engagements
  • Human resources
  • Engagement performance
  • Monitoring


Our Testing Approach

To assist CPA firms with this process, we’ve created a “must do” testing approach: from drafting and reviewing your firm’s Quality Control Document, to interviewing and evaluating your professional staff, policies and procedures.

Here are some examples of the areas we test during the inspection:

  • Reviewing your firm’s Quality Control Document;
  • Reviewing of a cross section of attest engagements;
  • Testing of professionals’ CPA licensing;
  • Testing of independence of partners and professional staff;
  • Testing of professionals’ CPE requirements;
  • Examine firm’s professional literature;
  • Test state licensing requirements;
  • Interviewing professional staff regarding their understanding of policies and procedures


Internal monitoring tasks should be assigned to qualified individuals with appropriate technical training and proficiency, and results of the internal monitoring should be communicated to appropriate firm personnel.


Most of the practices we’ve advised get some things right, but almost all of them miss some key points. Common pitfalls include lack of understanding of the auditor independence rules, particularly regarding unpaid prior years’ fees, and not meeting the General Requirements prior to performing permissible non-attest services for an attest client.


Other missteps include a failure to appropriately modify a report for a scope limitation or a significant departure from GAAP, omissions of required critical reporting elements of applicable standards, and issuing an audit report when the auditor was in fact not independent.

Learn More

Testing of Non-Standard Journal Entries to Identify Questionable Transactions

By Jennifer Ruf March 24, 2025
As audit season is in high gear, it’s important for auditors to step back and plan how they are going to audit a client’s books and records. What are the red flags you’re looking for when it comes time to throw open the books and look through a huge swath of journal entries to pluck out the ones that are questionable, and need to be questioned? First off, it’s important to understand how journal entries are created at the company being audited. For an auditor, that means looking at the internal control environment to understand how a journal entry is created: Who’s authorized to create one and who can create one. You have to understand the process. How does it start and how is the entry eventually recorded onto the financial reporting system? Once you know that, you can determine whether someone can come in and override the system, or if someone can pretend to be someone else and start recording journal entries onto the system. That will help you figure out what to look for to decide what entries to pull out and ask management to get back up information to support and validate those entries. Finding the needle The key here is not to just go through the mechanics, but to really go through the exercise so you can determine if management is playing games in the recording of those transactions. You have to be able to get comfortable with that, and that means you need to be able to document what you’re looking for. Because what the auditor is really doing is looking for a “needle in the haystack”, to identify the transactions that don’t look right, that don’t make sense in the ordinary course of business. For example, if the business is not open on weekends, are transactions being posted on a Saturday or Sunday, or even on holidays? If you see rounded numbers or accounts that are seldom used, those can be red flags as well. Sometimes it can be as simple as asking managers and others like accounting, data entry and IT personnel if they’ve observed any unusual accounting entries. Depending on the size of the company and scope of the work, you might need to use computerized audit software program — some of them with AI built in — that can scan the entries to identify anomalies. Red flags When an auditor is looking for evidence of management override of controls, they can look for some of these 12 red flags indicators: ● Top-side entries ● Entries made to unrelated, unusual or seldom-used accounts ● Entries made by individuals who typically don't make entries. ● Entries recorded at the end of the period ● Post-closing entries with no explanations ● Entries made before or during the preparation of financial statements with no account numbers ● Entries that contain rounded numbers or a consistent ending number ● Entries processed outside the normal course of business ● Accounts that contain transactions that are complex or unusual in nature ● Accounts that contain significant estimates and period-end adjustments ● Accounts that have been prone to errors in the past ● Accounts that contain intercompany transactions When testing non-standard journal entries and other adjustments, you should look for documentary evidence indicating that they were properly supported and approved by management. Finally, remember that while most fraudulent entries are made at the end of a reporting period, you shouldn't ignore the rest of the year  Collemi Consulting leverages nearly three decades of experience to provide trusted technical accounting and auditing expertise when you need it the most. We regularly work with CPA firm leadership to help them reduce risk and maximize efficiencies. To schedule an appointment, contact us at (732) 792-6101.

It’s Time For Year-End Audits

December 20, 2024
Are you prepared?
A woman's hands holding a microphone

Shake It Off

December 9, 2024
Conquer your fear of public speaking and present like a pro
Man with hand by his ear straining to listen.

Hear, Hear!

December 4, 2024
Boost your business by becoming adept at active listening.
More Posts