Earmark CPE

Earn CPE Anytime, Anywhere

Audit Smarter

Why Your Audit Fails Before Fieldwork Even Starts

· ·

“Some audits are doomed before the fieldwork even begins.”

In Episode 2 of Audit Smarter, Sam Mansour cuts to the heart of a problem many audit professionals face but don’t fully understand. You’ve been there: an experienced team, solid procedures, and a reasonable budget. Yet somehow, the engagement still feels like constantly playing catch-up. Testing seems disconnected. Risks surface at the worst possible moment. Partners ask questions during review that should have been answered weeks ago.

The culprit? Poor risk assessment that undermines everything that follows.

Most audit professionals understand risk assessment is important, but few realize how dramatically it shapes their engagement. Mansour explains, “The risk assessment drives the entire audit approach. And if we misidentify or overlook specific audit risks, your testing could be misaligned, and you could waste time. But even more concerning, you might miss material misstatements.”

Here’s what’s happening across the profession and, more importantly, what you can do about it.

Why Risk Assessment Gets the Short End of the Stick

The problem isn’t that auditors don’t know how to assess risk. It’s that firms have systematically devalued this critical phase, treating it as administrative overhead rather than the strategic foundation it actually is.

“Many teams view planning just as a compliance step and not as a strategic one,” Mansour observes. Budget pressures and efficiency demands create an environment where teams feel pushed to rush through risk assessment. “We devalue the risk assessment phase. We think of it as a textbook thing. Let’s just check some boxes and move on.”

This leads to what Mansour calls “pencil whipping,” mechanically completing checklists without genuine thought or analysis. The evidence shows up everywhere in audit files: work paper references that don’t make sense, incorrect years, or references to people who no longer work at the organization.

“It’s pretty clear it’s been rolled forward,” Mansour notes. “And it’s also very clear no one read through it.”

When external reviewers, whether peer reviewers or regulators, see this kind of documentation, it immediately raises red flags. “As a peer reviewer, you look at some of these risk assessments, and it’s crystal clear they just rolled this from last year and they didn’t even look at it,” he explains. “You’re probably going to be pretty strict when you’re looking at the rest of that file because clearly these guys are just rolling from the prior year.”

The pressure to be “efficient” in planning creates a dangerous cycle where the foundation of the audit becomes weaker, making it much harder to execute proper testing throughout the engagement.

5 Common Mistakes That Derail Audits

Understanding where things typically go wrong helps you avoid these pitfalls in your own engagements. Mansour identifies several patterns that consistently create problems.

Generic, Template-Driven Approaches

When risk assessments are generic and not customized to the specific client, the walkthroughs and procedures that follow suffer. “If we are general or vague in our identification of risks, it results in generic audit procedures,” Mansour explains.

Copying Prior Year Without Thinking

Using prior-year documentation as a starting point makes sense, but many teams go too far. They simply copy everything over with minor adjustments, becoming “a little complacent, a little lazy” in the rollover process. A better approach is to use prior-year information as a guide but take a fresh perspective on the current year.

Failing to Link Risks to Procedures

One “gut-wrenching” moment in an audit review happens when the audit team identifies risks in checklists, but no corresponding procedures address them. “You identified this risk, but what did you do about it?” This mistake exposes fundamental gaps in audit logic.

Superficial Inquiries

Take related party transactions, for example. Many auditors accept a simple “we have none” from the client and move on. But as Mansour points out, “that’s not sufficient.” Instead, “auditors should dig into board minutes, vendor relationships, and ownership records” to understand whether related parties exist and what transactions might occur.

Misusing Junior Staff

Sending inexperienced team members to conduct walkthroughs without proper guidance is a recipe for problems. Junior staff might identify three issues out of ten while missing critical problems that experienced auditors would catch immediately. “Sometimes you need experience to tell you, you’re looking at ten different things and eight of them are going to be a problem and two of them are not,” Mansour explains.

The solution isn’t to avoid using junior staff. It’s to pair them with experienced team members who can provide real-time guidance and fill in the gaps.

Practical Tools to Strengthen Your Risk Assessment

The good news is that these problems are entirely fixable with the right approach and tools. Here’s what works:

  • Dynamic checklists. Move beyond simple checkbox exercises to checklists that challenge teams to collect new information and think deeply about what they find. Ask different types of questions that force auditors to go beyond surface-level inquiries.
  • Structured brainstorming sessions. Don’t just conduct one brainstorming session and call it done. Mansour recommends peppering collaborative discussions throughout the engagement. “Have the engagement team go out to lunch and consider that part of your brainstorming activity,” he suggests. These sessions force teams to share knowledge and often uncover overlooked areas.
  • Early data analytics. Instead of treating analytics as nice-to-have add-ons, deploy them “immediately after engagement acceptance,” Mansour advises. His approach: “Give me your trial balance, and I will do some data analytics on it right from the get-go.” This generates specific issues to investigate before client meetings, allowing you to connect numbers to client stories strategically.
  • Simple intelligence gathering. Something as basic as Googling your client’s name can reveal critical information, yet “a lot of auditors won’t even do that,” Mansour observes. “You’d be shocked at some of the stuff” these searches uncover. Review prior audit findings, look for industry changes, and stay current on client updates.
  • Collaborative team approach. Instead of having one person update risk assessment documentation alone, assign different sections to different team members. This ensures multiple people read through and think about the content, rather than having it all flow through one person who might miss important details.

What Separates Top Performers

Firms that consistently execute superior risk assessments share several key characteristics that set them apart.

They Treat Risk Assessment as a Mindset

“Top performers treat risk assessment as a mindset, not just a task,” Mansour explains. “They understand that there’s value in risk assessments. It’s not just a checkbox on their list.” Their teams are intellectually curious rather than robotic, but this requires giving people adequate time and breathing room to think deeply.

They Create Collaborative Environments

These firms don’t silo team members into individual sections. Instead, they “connect the dots between client goals, internal controls, and audit processes with purpose.” Team members actively consider how discoveries in one area impact testing in others, creating a comprehensive understanding that reduces risk while improving efficiency.

They Invest in Proper Mentorship

Rather than throwing junior staff into complex situations alone, top performers create systematic mentorship structures. They pair junior staff with experienced seniors who provide real-time guidance, immediate field discussions, and progressive responsibility increases.

They Focus on Custom Solutions

Elite performers avoid generic approaches entirely. They tailor audit plans to each client and engagement year. Their team members can explain their logic clearly without defaulting to “it’s what we were told” or “it’s what we did last year.”

Three Changes to Make Right Now

If your firm wants to improve immediately, Mansour recommends focusing on these three foundational changes:

  1. Slow down in the planning process and allow for deeper team discussions. Invest upfront time that prevents downstream scrambling and quality issues.
  2. Ensure walkthroughs include a formal evaluation of control effectiveness with documentation customized to the specific client and current year rather than generic templates.
  3. Critically assess each risk and match it to custom procedures designed to address it, eliminating the disconnect between identified risks and actual testing approaches.

How You Know You Got It Right

Success in risk assessment is measurable through specific indicators. Your audit plan should be tailored, not generic. This demonstrates genuine client-specific thinking rather than template dependency. Your team members should be able to explain their logic clearly and provide substantive reasoning for their approaches.

Most importantly, when partners or regulators review your documentation, they should be able to “read your risk assessment and understand the rationale,” as Mansour puts it. They should see a clear narrative and strategic thinking rather than dry, templated responses.

If your team can’t explain their logic, or if external reviewers see obvious evidence of rolling forward prior year templates, you’re still in checkbox mode rather than strategic thinking mode.

The Foundation Makes the Difference

Risk assessment isn’t preliminary work that happens before the “real” audit begins. It’s the foundation that determines whether your entire engagement succeeds or struggles. As Mansour explains using a gardening analogy, if the risk assessment seed “doesn’t get planted properly, if it’s not cared for properly, it sets you up for failure.”

Firms that recognize this and invest accordingly create sustainable competitive advantages through systematically superior approaches to this critical phase.

The strategies and tools we’ve covered are proven approaches to transform your risk assessment process from liability into a strategic advantage. However, implementation requires commitment to changing how your firm approaches and uses its resources for this foundational work.

Ready to dive deeper into these risk assessment strategies and discover the specific frameworks top performers use? Listen to the full episode of Audit Smarter for Sam Mansour’s complete insights on transforming your approach to risk assessment and elevating your audit practice.