Earmark CPE

Earn CPE Anytime, Anywhere

Abdullah Mansour

Stop Fighting the Same Audit Battles Year After Year

· ·

Those recurring review comments that keep popping up across your team? Sam Mansour, CPA, did the math and it should make every audit firm leader pay attention. When you multiply these small inefficiencies across your entire practice, they balloon into 1,000 hours of wasted time annually. That’s half a full-time position lost to preventable mistakes, year after year.

In this episode of Audit Smarter, hosts Sam and Abdullah Mansour explore how firms can transform their most frustrating pain points into powerful improvements. Rather than treating each mistake as an isolated problem, Sam shares a systematic approach that turns recurring challenges into opportunities for growth.

The Hidden Cost of Repeated Mistakes

Sam starts with a simple example: a staff member who keeps forgetting to include references from cash testing leads back to supporting check registers. It seems minor until you realize this same mistake is happening across multiple team members, multiple engagements, and multiple years.

“Without reflection, mistakes repeat,” Sam emphasizes. “Without capturing what we’ve learned, we’re almost guaranteed that they’re going to repeat themselves.”

The math becomes staggering when you look across an entire firm. Sam breaks it down. “Let’s say they’re 15-minute issues. If you multiply that by 1,000, now it’s starting to take a lot of time. Because it’s not just one person, but multiple people doing it across multiple engagements.” With an average person working 2,080 hours per year, those 1,000 hours of wasted time equal half a position.

What’s particularly frustrating is that these aren’t random, one-off errors. “Very rarely is it just this one person making this one mistake and you’re never going to see that mistake ever again from different team members,” Sam explains. “People tend to make similar mistakes.”

From Personal Notes to Firm-Wide Knowledge

Sam’s solution is simply to create a lessons-learned log. At the most basic level, this might be a Word document where a preparer titles a section “Cash” and documents specific review comments they receive.

“When you go and test that section again, you need to review your own work,” Sam explains. “You complete this testing in that cash section. Next, you need to realize, okay, I commonly forget to make the reference back from what I see in this lead schedule.”

But personal documentation is just the beginning. Abdullah suggests using OneNote for better organization. “OneNote helps organize it so that you can have one folder for one client,” he explains. “And then you can have several different pages essentially underneath that. So just organizes it a lot better. It’s like a file structure on a network.”

The real power comes when firms turn these individual insights into searchable, firm-wide resources. Sam shares his own recurring challenge with farm audits. “Every year I get into those work papers, I’ll be like, oh shoot, how did those journal entries work? What was that again? Because I only tested like one or two of these a year.”

The solution is to create what Sam calls “a trail of breadcrumbs,” detailed guidance that lives outside the formal audit documentation. This might include written instructions, screenshots of calculations, or even “record video of yourself talking about it.”

By organizing these resources into categories like planning, fieldwork, and wrap-up, firms create an institutional memory that helps everyone, but especially new team members who can access years of accumulated wisdom before their first engagement.

Post-Engagement Debriefs Can’t Be Optional

Sam acknowledges the common perception of post-engagement debriefs as just administrative work. Teams finish one audit and want to jump straight into the next, treating reflection as a luxury they can’t afford.

But Sam insists these debriefs are critical. Structure these meetings by asking three essential questions: What worked? What didn’t work? Where did we get stuck?

Timing matters enormously. “If you wait six months to ask what worked and what didn’t work during busy season, it’s difficult to recall all those little instances,” Sam explains.

The solution is to make debriefs mandatory. “Don’t make it an optional thing,” Sam insists. “We need to sit down, discuss, and reflect.”

These insights then translate into concrete improvements. Sam provides specific examples of how to use what you learn:

  • Update templates. Add conditional formatting that turns cells green when correct values are entered, creating visual confirmation that eliminates data entry errors.
  • Improve checklists. Sam says people like to complain about adding more things to the checklist. His response is practical: “We should continue to add things to the checklist until we stop missing them.”
  • Document compensating controls. In smaller environments where proper segregation of duties isn’t possible, teams often miss compensating controls. Sam’s solution is to put a header in the template that says Compensating Controls. Highlight that section in yellow, and force auditors to fill it out when they’re in the field.

Getting Your Team to Actually Buy In

“They’re filling out more paperwork. Their checklists are becoming longer, their templates are becoming longer. They’re asked to do more work. People get frustrated,” Sam says, acknowledging the pushback firms encounter.

The key to overcoming resistance is to explain the “why” behind every change. Using the compensating controls example, Sam shows how to frame it. Explain why smaller clients need these controls, how missing this documentation puts the firm at risk, and why this has emerged as a firm-wide trend.

Most importantly, show the math. “Yes, it takes an extra 15 minutes to fill out this work paper,” Sam quantifies, “but on the back end it costs us, on average, an hour. So we’re saving 45 minutes and we’ve improved our audit quality.”

Recognition matters too. “Recognize people who help us improve as a firm,” Sam emphasizes. When you publicly acknowledge team members who contribute ideas, it shows everyone that the firm values continuous improvement.

The payoff is clear when teams understand the bigger picture. “Improvement is easier to embrace when it’s linked to wins, not just extra tasks,” Sam explains. The wins include reduced hours, better documentation, less stress during peer reviews, and becoming better auditors overall.

Building a Culture Where Every Audit Makes You Stronger

The ultimate transformation happens when learning becomes part of your firm’s DNA. “We do work and then we reflect on that. What did we do good? What did we do bad? What needs to improve? What needs to change?” Sam describes. “We take those lessons learned and then we implement change in the firm. Now it’s an upgrade.”

This creates a powerful shift in how teams approach their work. “Eventually it becomes so ingrained in people that they go out into the field with that mentality from the very beginning,” Sam observes. “If you know you’re going to have that conversation, the next audit you go out on, you don’t want come to the next meeting and say, oh shoot, we missed this.”

The benefits extend beyond efficiency. Sam notes that when professionals evaluate career moves, they ask themselves if working at a firm will enhance their resume. “It’s really important to have a culture of learning, to have a culture of enhancing and moving forward,” he emphasizes.

Perhaps most remarkably, this approach transforms the audit environment itself. “I have found audit environments like that are much less stressful to be in because everyone’s just so ahead of the game and so proactive,” Sam reflects.

Some might think this vision sounds unrealistic, but Sam addresses this directly. “For a lot of audit firms listening to this, they’re thinking this is an unrealistic dream. But it’s very realistic if the people in the firm buy into this idea.”

Over time, Sam promises, “your audit methodology becomes smarter, more efficient and more resilient because now you’re not just digging holes and going home. You’re you’re thinking it through.”

Turn Your Next Review Comment Into Progress

The difference between firms that fight the same battles year after year and those that continuously improve isn’t talent or resources. It’s the discipline to capture, analyze, and act on lessons learned.

Sam’s framework shows every review comment, debrief insight, and team suggestion can strengthen your entire firm. When you transform individual experiences into institutional knowledge, optional debriefs into mandatory investments, and isolated improvements into a learning culture, each audit makes your firm stronger.

Ready to stop losing productivity to preventable mistakes? Listen to the full episode for detailed frameworks and additional examples.

Your Best Audit Findings Hide Behind the Questions You Never Ask

· ·

Picture this: A controller walks an auditor through their revenue recognition process, casually mentioning a manual journal entry they make at year-end to “true things up.” That offhand comment—captured only because the auditor asked an open-ended question rather than a checklist query—led to uncovering improper revenue recognition that would have otherwise gone undetected.

In this episode of Audit Smarter, host Abdullah Mansour sits down with Sam Mansour, CPA, to explore an often overlooked aspect of auditing: the art of asking effective questions. Through their conversation, they reveal how the most basic tool in an auditor’s toolkit can make the difference between surface-level compliance work and truly understanding a client’s operations.

As Sam points out early in the discussion, “The quality of the answers we get is only as good as the questions we ask.” This principle shapes everything that follows, from why traditional yes-or-no questions fail to practical techniques for creating an environment where clients willingly share critical information.

Why Yes-or-No Questions Sabotage Your Audits

The most common mistake auditors make starts with two simple words: “Did you?” As Sam explains, yes-or-no questions create a trap that undermines the entire purpose of audit inquiries. They push clients toward specific answers and provide almost no insight into actual processes and controls.

Consider the typical scenario Sam describes: an auditor asks, “You reviewed this reconciliation, right?” The client faces an almost impossible choice. “What are they going to say? No?” Abdullah observes during the conversation. Sam agrees. “They almost have to say yes, even if they’re lying.” The phrasing practically forces a “yes” response, but even when that answer is truthful, what has the auditor actually learned?

“Let’s say they did review the reconciliation and the answer is actually yes,” Sam continues. “So you say, ‘You review this reconciliation, right?’ Then they say, ‘Yes, I did.’ It’s like, well, that’s it, right? You’re done.”

Instead of asking whether someone reviewed a reconciliation, Sam suggests a different approach: “Walk me through how you review the reconciliations. What do you look for? What happens if it’s off?” This reframing transforms a binary checkpoint into a window into the client’s actual processes.

The power of this approach became crystal clear in Sam’s story about uncovering improper revenue recognition. During a routine inquiry, he asked a controller to walk him through their revenue recognition process. The open-ended question invited explanation rather than confirmation. “Midway through, they casually mentioned a manual journal entry they made at year end to true things up,” Sam recalls. “That comment led to further testing and uncovered improper revenue recognition. If I hadn’t asked that open-ended question, we would have missed it.”

But there’s an art to crafting these questions. Sam warns against being too broad. For example, asking about “internal controls in general” leaves clients unsure where to start. He also cautions against cramming multiple questions into one. “Sometimes people will ask you like three different questions in one shot,” he notes. “And it’s really hard to remember what was number two or number three.”

The sweet spot? Be specific about the area you’re investigating, but open about how you want it explained. For example: “How do you receive cash in that specific area?”

Moving from yes-or-no questions to open-ended inquiries is just the first step. The real challenge is creating an atmosphere where clients feel comfortable sharing detailed, honest information.

The “New Employee” Technique That Changes Everything

Technical knowledge alone won’t extract meaningful information from clients. As Sam demonstrates through his eight years of field experience, the key lies in how you position yourself during the inquiry.

“When I’m doing these inquiries,” Sam explains, “I’m like, look, I understand how payroll generally works really well, but I don’t understand how you do it here. That’s very new to me. And so I want you to pretend like I know nothing about payroll, pretend like I’m brand new to this, and you’re explaining it to someone for the first time.”

Abdullah immediately grasps the value, “As if you’re a new employee to their firm.” This positioning accomplishes two objectives. First, it prevents clients from assuming the auditor already knows their processes and therefore skipping crucial details. Second, it reduces the threat level of the interaction.

“You don’t want to fill in gaps in the process,” Sam explains. “Maybe they don’t explain specific things to you because it’s like, well, that’s just how it’s done for payroll, right? Of course. But the thing is, what if they don’t actually do it like that?”

The physical and tonal elements matter just as much as the words. Sam paints a vivid picture of what not to do. “If someone walks in and they cross their arms and put on a frowny, unpleasant face, that body language and tone definitely gives you the feeling they’re unapproachable.”

But swinging too far in the other direction creates its own problems. “You don’t want to become their best friend in the whole wide world,” Sam warns, “because then if you have to write them up for a finding or communicate bad news in the future, you might feel uncomfortable doing that.”

The solution is what Sam calls being “professional but approachable.” He starts meetings with simple human touches like asking about their weekend, checking if it’s a good time to meet, and crucially, asking if clients have questions about the audit before diving into his own inquiries. “Giving them the opportunity to  ask why we’re doing certain things makes them feel good.”

One of Sam’s most powerful techniques is the strategic use of silence. “Clients often fill the space with valuable content,” he notes. “If you ask a question and give room for pause, they might feel a little bit uncomfortable and start giving you more information.”

The danger of getting the approach wrong becomes clear in Sam’s cautionary tale about a staff auditor who burst into the conference room declaring, “I know we have a finding in this area. I know there’s a problem here.” The aggressive approach damaged the client relationship and led to an incorrect conclusion. The auditor missed compensating controls that actually addressed the perceived gap.

“When they were doing the inquiries, they came off as a little arrogant and accusatory,” Sam recalls. The client later confided that this approach “kills the conversation really quick.”

Different personality types require different strategies. Some clients barely speak, requiring you to seek information from other sources or approach them with very specific questions. Others flood you with information. “Sometimes you have to rein them in if they’re more on the chatty side,” Sam advises. “Don’t be afraid to control the conversation a little bit.”

These interpersonal skills don’t develop automatically. They require deliberate practice and a commitment to continuous improvement—even for senior professionals.

Practice, Preparation, and the Path to Mastery

The gap between knowing how to ask better questions and actually doing it in the field is larger than most auditors realize. Sam references Neil Rackham’s book “SPIN Selling” to illustrate this point. “If you’re trying to train yourself to sell, don’t use something you’ve just learned on a big deal because it’s not familiar to you. It’s going to be kind of clunky.”

The same principle applies to audit inquiries. Entry-level auditors are unfamiliar with clients and uncomfortable with fieldwork and the expectation to ask potentially invasive questions. “It’s not just potentially uncomfortable for the client,” Sam acknowledges, “it’s probably uncomfortable for you.”

His solution might surprise those used to traditional accounting training: role-playing. Picture a lunch meeting where team members practice asking each other the same questions they’ll pose to clients. The senior auditor observes, catching those yes-or-no questions before they become habits.

“You want to be able to hear yourself saying the question and feel comfortable with those questions coming out of your mouth,” Sam explains. He uses payroll as an example. After ten years, asking for everyone’s pay scale feels routine, but “as an entry-level person, you might think, oh, it’s really strange to ask them to give me the pay scale for everyone that works here.”

Abdullah agrees:, “Role playing is one of the most helpful things I’ve done in certain situations.”

Preparation extends beyond practice sessions. Sam strongly advocates for developing questions in advance, challenging the notion that spontaneous inquiries appear more confident. “If you go into an inquiry and you’re just winging it, it could be very unprofessional.”

His reasoning is practical. When dealing with a difficult or unresponsive client, having prepared questions serves as both a roadmap and a safety net. “At least when you walk away from that inquiry, you have achieved your goal of asking the right questions,” he explains. The alternative—having to return for follow-up questions on the same topic—triggers a cascade of problems, from client complaints to difficult conversations with audit partners.

Active listening requires its own skill development. Sam describes maintaining a notepad during inquiries, jotting down items that need follow-up but resisting the urge to interrupt. “You don’t want to stop them and say, ‘Show me that journal entry.’ You want them to just keep going.”

The learning curve extends throughout an auditor’s career. “For a partner or manager to think they’ve achieved the highest level of skill in this field is somewhat unrealistic,” Sam observes. 

This matters because teams watch their leaders. Sam recalls being an early-career auditor, observing every interaction between partners and clients because those conversations typically involved “more sophisticated or important things.”

Yet formal training in this area is scarce. “Unfortunately, I don’t think there’s a lot of great CPE out there on the skill of strong inquiries,” Sam laments. This gap forces motivated professionals to seek resources outside traditional accounting education, including from books on sales, negotiation, and communication.

The payoff extends far beyond audit quality. “Being able to uncover key details in your personal life, professional life, at the client, in your own organization, it’s just so critical,” Sam reflects. 

Your Next Steps Toward Better Audit Inquiries

The journey from checkbox auditor to strategic advisor doesn’t require mastering new accounting standards. As Sam demonstrates, it requires three fundamental shifts in how we approach asking questions.

First, abandon yes-or-no questions in favor of open-ended inquiries that reveal what clients do and how and why they do it. Second, cultivate an environment of professional approachability—warm enough to encourage dialogue, professional enough to maintain objectivity. Third, treat inquiry skills as a career-long development priority, not a soft skill you’ll somehow absorb over time.

Sam’s final advice brings it all together. “Be approachable, but be professional. If you’re not professional, it derails the inquiries. If you’re not approachable, it also derails the inquiries.”

These aren’t just nice-to-have communication techniques. The controller who mentions those year-end “true-up” entries won’t share that information with someone who makes them feel defensive. The employee who knows where the real control gaps exist won’t confess them to someone asking yes-or-no questions from a checklist.

For audit professionals, the quality of audit findings will never exceed the quality of your questions. Whether you’re preparing for your first solo client inquiry or you’ve been asking the same questions for decades, there’s always another level to achieve.

Ready to transform your audit approach? Listen to the full episode of “The Art of Audit Inquiries: Asking Better Questions” on Audit Smarter to hear Sam’s complete framework for handling difficult clients, managing different personality types, and knowing when to pivot your approach. Your next significant audit finding might be just one well-crafted question away.

Perfect Audit Work Means Nothing Without This One Critical Skill

· ·

“If it’s not documented, it didn’t happen.”

This statement from a government auditor stopped Sam Mansour cold during his career, and it should stop you, too. Say you’ve just completed four hours of meticulous audit work, but your reviewer spends an hour trying to decipher what should take 15 minutes to review. That’s not just frustrating; it’s a documentation failure that could sink an otherwise excellent audit.

In a recent episode of the Audit Smarter podcast, hosts Abdullah Mansour and Sam Mansour, CPA, explain why documentation is a persistent weakness in audit files across firms of all sizes. Despite years of training and countless review comments, auditors continue to treat this critical skill as an afterthought—a box to check after the “real work” is done.

When Great Audits Fail

Auditors spend hours conducting fieldwork, asking all the right questions, pulling perfect samples, and demonstrating exceptional professional skepticism. Yet months later, during a peer review, the work receives a failing grade.

Why? Documentation so unclear reviewers couldn’t understand what they actually did.

“If you don’t document it properly, how is anyone supposed to know what you actually did?” Sam asks. “You could say you audited certain sections. You could say you did these procedures, but if you don’t actually document that in a memo and show the work that you did, it’s really difficult for anyone to follow.”

Documentation is the sole evidence of audit quality, so it’s more than a compliance requirement; it’s “how you tell the story of that audit.”

The Four Essential Questions

Every work paper must answer four questions to tell that story effectively:

  1. What was tested?
  2. Why was it tested?
  3. How was it tested?
  4. What were the results?

These are the minimum requirements for documentation that can stand on its own. Yet Sam regularly encounters work papers that fail to answer even one of these questions clearly.

Consider Sam’s experience auditing farm accounting, where crop harvesting created unusual transactions. Rather than simply verifying journal entries and moving on, he documented how the industry worked and retained professional literature explaining the accounting treatments. “Instead of just verifying the journal entry and moving on, I actually retained documentation showing why that journal entry was proper,” he explains.

Too often, Sam encounters the opposite: PDF files dropped into audit folders with zero context. “You open up a PDF file and you’re like, well, what is this thing?” Even when a document clearly displays “depreciation schedule,” without annotations explaining which procedures were performed or how it links to other work papers, it’s useless.

The problem also extends to client communications. Sam frequently sees emails from clients copied directly into audit files without any auditor analysis. “A client provides an explanation of something via email. We’ll grab that email and stick it into the audit file. And it’s like, okay, so what is this?”

The Hidden Cost Multiplier

When Sam pulls a team member into his office to discuss documentation, the conversation often starts with simple math. 

Work that takes four hours to perform should require only 15-20 minutes to review when properly documented. But poor documentation forces reviewers to spend four times that amount. “You are making me work harder,” Sam emphasizes. “It’s literally taking me four times as long because your documentation is so confusing.”

This time multiplication is even more costly when you consider billing rates. Reviewers often bill at nearly double the rate of preparers. When poor documentation forces a manager to spend an hour instead of 15 minutes on review, the budget impact isn’t just the extra 45 minutes—it’s 45 minutes at a significantly higher rate.

But time and money are only surface-level costs. The deeper damage occurs when overwhelmed reviewers can no longer catch critical issues. “You increase the risk of audit deficiencies during a peer review or inspection,” Sam warns, “because you’re making it so much harder for the reviewers to catch everything.”

The Learning Gap

Perhaps the most insidious cost is the lost learning opportunity. When documentation is vague, reviewers can’t provide specific, actionable guidance.

“If you detailed it out step by step, a reviewer could say, ‘Hey, did you think about this step?’ or ‘Why don’t you consider doing this?”‘ Sam explains. “But when it’s vague, it’s like, I have no idea what you did.”

This feedback vacuum stunts professional development. A team member once told Sam that review comments felt overwhelmingly negative: “There’s never any positive feedback. It’s always negative.” While Sam initially dismissed this as just part of the process, he later recognized that when documentation is consistently poor, the review process becomes purely corrective rather than developmental.

The career implications are severe. “When people in auditing are disorganized and don’t document well, the disorganization comes through in their documentation,” Sam observes. “And if you’re trying to rise up through the ranks, it’s not a good sign.”

Building Documentation Excellence

“Document as you go. Document as you go. Document as you go.”

Sam repeats this mantra three times for emphasis, calling it “one of the biggest pitfalls for myself and for other people.” The memory problem is more severe than most auditors realize. “Your memory is not as great as you think it is,” Sam warns. “You lose bits and pieces as time passes.”

Creating Standalone Work Papers

The solution is to build documentation habits throughout the workday. “Think of every work paper as a standalone work paper,” Sam emphasizes. Each document needs clear annotations explaining what it is, why you included it, and how it connects to other work papers.

For example, when pulling in a depreciation schedule provided by the client, don’t just drop it into the folder. Add annotations explaining its purpose and link it to related testing documentation. This bi-directional linking creates what Sam calls “breadcrumbs” that allow reviewers to follow the audit trail effortlessly.

The Self-Review Strategy

Sam offers a useful tip for learning from feedback: “Open up a Word document, and when you get review comments, copy them into that document.” Label each comment by work paper reference. Before submitting future work in similar areas, consult this personal feedback log.

“Look through the review comments you received last time and see if they apply to this work paper,” Sam suggests. This prevents reviewers from having to give the same feedback repeatedly, which can be a major source of frustration.

With today’s technology, there’s no excuse for poor documentation habits. “You can record and get transcriptions of calls. You can take notes on your phone. You can take notes on your computer,” Sam notes. “There’s no reason other than—I’m going to be honest—laziness.”

Templates and Coaching

Templates are another helpful tool, but Sam cautions against using them blindly. “You can leverage templates to guide you through the process,” he explains. When creating standardized emails, add personal touches: “Hey, how was the trip last year?” before transitioning to standard language.

For managers, the key is coaching rather than just correcting. “Walk them through well-documented files to show them what good documentation looks like,” Sam advises. When someone does exceptional work, “point out the win” during wrap-up meetings. This positive reinforcement creates a culture that celebrates good documentation rather than merely criticizing poor documentation.

Your Path Forward

Documentation determines whether your audit succeeds or fails, and Sam’s framework for excellence is surprisingly straightforward:

  1. Every work paper must stand alone – readable without hunting through other files
  2. If reviewers need to ask questions, it’s not done – documentation should answer everything
  3. Remember the triple benefit – good documentation reduces stress, speeds reviews, and protects the firm

The choice is yours. You can continue treating documentation as an annoying afterthought, forcing reviewers to waste hours deciphering your work while your career stagnates. Or you can implement these strategies, transforming documentation from your greatest weakness into your most powerful professional asset.

Want to dive deeper into these documentation strategies? Listen to the full episode of the Audit Smarter podcast, where Sam and Abdullah share additional techniques and real-world examples to transform your approach to audit documentation. Your future self (and your reviewers) will thank you.

Why Your Audit Fails Before Fieldwork Even Starts

· ·

“Some audits are doomed before the fieldwork even begins.”

In Episode 2 of Audit Smarter, Sam Mansour cuts to the heart of a problem many audit professionals face but don’t fully understand. You’ve been there: an experienced team, solid procedures, and a reasonable budget. Yet somehow, the engagement still feels like constantly playing catch-up. Testing seems disconnected. Risks surface at the worst possible moment. Partners ask questions during review that should have been answered weeks ago.

The culprit? Poor risk assessment that undermines everything that follows.

Most audit professionals understand risk assessment is important, but few realize how dramatically it shapes their engagement. Mansour explains, “The risk assessment drives the entire audit approach. And if we misidentify or overlook specific audit risks, your testing could be misaligned, and you could waste time. But even more concerning, you might miss material misstatements.”

Here’s what’s happening across the profession and, more importantly, what you can do about it.

Why Risk Assessment Gets the Short End of the Stick

The problem isn’t that auditors don’t know how to assess risk. It’s that firms have systematically devalued this critical phase, treating it as administrative overhead rather than the strategic foundation it actually is.

“Many teams view planning just as a compliance step and not as a strategic one,” Mansour observes. Budget pressures and efficiency demands create an environment where teams feel pushed to rush through risk assessment. “We devalue the risk assessment phase. We think of it as a textbook thing. Let’s just check some boxes and move on.”

This leads to what Mansour calls “pencil whipping,” mechanically completing checklists without genuine thought or analysis. The evidence shows up everywhere in audit files: work paper references that don’t make sense, incorrect years, or references to people who no longer work at the organization.

“It’s pretty clear it’s been rolled forward,” Mansour notes. “And it’s also very clear no one read through it.”

When external reviewers, whether peer reviewers or regulators, see this kind of documentation, it immediately raises red flags. “As a peer reviewer, you look at some of these risk assessments, and it’s crystal clear they just rolled this from last year and they didn’t even look at it,” he explains. “You’re probably going to be pretty strict when you’re looking at the rest of that file because clearly these guys are just rolling from the prior year.”

The pressure to be “efficient” in planning creates a dangerous cycle where the foundation of the audit becomes weaker, making it much harder to execute proper testing throughout the engagement.

5 Common Mistakes That Derail Audits

Understanding where things typically go wrong helps you avoid these pitfalls in your own engagements. Mansour identifies several patterns that consistently create problems.

Generic, Template-Driven Approaches

When risk assessments are generic and not customized to the specific client, the walkthroughs and procedures that follow suffer. “If we are general or vague in our identification of risks, it results in generic audit procedures,” Mansour explains.

Copying Prior Year Without Thinking

Using prior-year documentation as a starting point makes sense, but many teams go too far. They simply copy everything over with minor adjustments, becoming “a little complacent, a little lazy” in the rollover process. A better approach is to use prior-year information as a guide but take a fresh perspective on the current year.

Failing to Link Risks to Procedures

One “gut-wrenching” moment in an audit review happens when the audit team identifies risks in checklists, but no corresponding procedures address them. “You identified this risk, but what did you do about it?” This mistake exposes fundamental gaps in audit logic.

Superficial Inquiries

Take related party transactions, for example. Many auditors accept a simple “we have none” from the client and move on. But as Mansour points out, “that’s not sufficient.” Instead, “auditors should dig into board minutes, vendor relationships, and ownership records” to understand whether related parties exist and what transactions might occur.

Misusing Junior Staff

Sending inexperienced team members to conduct walkthroughs without proper guidance is a recipe for problems. Junior staff might identify three issues out of ten while missing critical problems that experienced auditors would catch immediately. “Sometimes you need experience to tell you, you’re looking at ten different things and eight of them are going to be a problem and two of them are not,” Mansour explains.

The solution isn’t to avoid using junior staff. It’s to pair them with experienced team members who can provide real-time guidance and fill in the gaps.

Practical Tools to Strengthen Your Risk Assessment

The good news is that these problems are entirely fixable with the right approach and tools. Here’s what works:

  • Dynamic checklists. Move beyond simple checkbox exercises to checklists that challenge teams to collect new information and think deeply about what they find. Ask different types of questions that force auditors to go beyond surface-level inquiries.
  • Structured brainstorming sessions. Don’t just conduct one brainstorming session and call it done. Mansour recommends peppering collaborative discussions throughout the engagement. “Have the engagement team go out to lunch and consider that part of your brainstorming activity,” he suggests. These sessions force teams to share knowledge and often uncover overlooked areas.
  • Early data analytics. Instead of treating analytics as nice-to-have add-ons, deploy them “immediately after engagement acceptance,” Mansour advises. His approach: “Give me your trial balance, and I will do some data analytics on it right from the get-go.” This generates specific issues to investigate before client meetings, allowing you to connect numbers to client stories strategically.
  • Simple intelligence gathering. Something as basic as Googling your client’s name can reveal critical information, yet “a lot of auditors won’t even do that,” Mansour observes. “You’d be shocked at some of the stuff” these searches uncover. Review prior audit findings, look for industry changes, and stay current on client updates.
  • Collaborative team approach. Instead of having one person update risk assessment documentation alone, assign different sections to different team members. This ensures multiple people read through and think about the content, rather than having it all flow through one person who might miss important details.

What Separates Top Performers

Firms that consistently execute superior risk assessments share several key characteristics that set them apart.

They Treat Risk Assessment as a Mindset

“Top performers treat risk assessment as a mindset, not just a task,” Mansour explains. “They understand that there’s value in risk assessments. It’s not just a checkbox on their list.” Their teams are intellectually curious rather than robotic, but this requires giving people adequate time and breathing room to think deeply.

They Create Collaborative Environments

These firms don’t silo team members into individual sections. Instead, they “connect the dots between client goals, internal controls, and audit processes with purpose.” Team members actively consider how discoveries in one area impact testing in others, creating a comprehensive understanding that reduces risk while improving efficiency.

They Invest in Proper Mentorship

Rather than throwing junior staff into complex situations alone, top performers create systematic mentorship structures. They pair junior staff with experienced seniors who provide real-time guidance, immediate field discussions, and progressive responsibility increases.

They Focus on Custom Solutions

Elite performers avoid generic approaches entirely. They tailor audit plans to each client and engagement year. Their team members can explain their logic clearly without defaulting to “it’s what we were told” or “it’s what we did last year.”

Three Changes to Make Right Now

If your firm wants to improve immediately, Mansour recommends focusing on these three foundational changes:

  1. Slow down in the planning process and allow for deeper team discussions. Invest upfront time that prevents downstream scrambling and quality issues.
  2. Ensure walkthroughs include a formal evaluation of control effectiveness with documentation customized to the specific client and current year rather than generic templates.
  3. Critically assess each risk and match it to custom procedures designed to address it, eliminating the disconnect between identified risks and actual testing approaches.

How You Know You Got It Right

Success in risk assessment is measurable through specific indicators. Your audit plan should be tailored, not generic. This demonstrates genuine client-specific thinking rather than template dependency. Your team members should be able to explain their logic clearly and provide substantive reasoning for their approaches.

Most importantly, when partners or regulators review your documentation, they should be able to “read your risk assessment and understand the rationale,” as Mansour puts it. They should see a clear narrative and strategic thinking rather than dry, templated responses.

If your team can’t explain their logic, or if external reviewers see obvious evidence of rolling forward prior year templates, you’re still in checkbox mode rather than strategic thinking mode.

The Foundation Makes the Difference

Risk assessment isn’t preliminary work that happens before the “real” audit begins. It’s the foundation that determines whether your entire engagement succeeds or struggles. As Mansour explains using a gardening analogy, if the risk assessment seed “doesn’t get planted properly, if it’s not cared for properly, it sets you up for failure.”

Firms that recognize this and invest accordingly create sustainable competitive advantages through systematically superior approaches to this critical phase.

The strategies and tools we’ve covered are proven approaches to transform your risk assessment process from liability into a strategic advantage. However, implementation requires commitment to changing how your firm approaches and uses its resources for this foundational work.

Ready to dive deeper into these risk assessment strategies and discover the specific frameworks top performers use? Listen to the full episode of Audit Smarter for Sam Mansour’s complete insights on transforming your approach to risk assessment and elevating your audit practice.