Best Practices

Why Your Audit Fails Before Fieldwork Even Starts

Earmark Team · September 16, 2025 ·

“Some audits are doomed before the fieldwork even begins.”

In Episode 2 of Audit Smarter, Sam Mansour cuts to the heart of a problem many audit professionals face but don’t fully understand. You’ve been there: an experienced team, solid procedures, and a reasonable budget. Yet somehow, the engagement still feels like constantly playing catch-up. Testing seems disconnected. Risks surface at the worst possible moment. Partners ask questions during review that should have been answered weeks ago.

The culprit? Poor risk assessment that undermines everything that follows.

Most audit professionals understand risk assessment is important, but few realize how dramatically it shapes their engagement. Mansour explains, “The risk assessment drives the entire audit approach. And if we misidentify or overlook specific audit risks, your testing could be misaligned, and you could waste time. But even more concerning, you might miss material misstatements.”

Here’s what’s happening across the profession and, more importantly, what you can do about it.

Why Risk Assessment Gets the Short End of the Stick

The problem isn’t that auditors don’t know how to assess risk. It’s that firms have systematically devalued this critical phase, treating it as administrative overhead rather than the strategic foundation it actually is.

“Many teams view planning just as a compliance step and not as a strategic one,” Mansour observes. Budget pressures and efficiency demands create an environment where teams feel pushed to rush through risk assessment. “We devalue the risk assessment phase. We think of it as a textbook thing. Let’s just check some boxes and move on.”

This leads to what Mansour calls “pencil whipping,” mechanically completing checklists without genuine thought or analysis. The evidence shows up everywhere in audit files: work paper references that don’t make sense, incorrect years, or references to people who no longer work at the organization.

“It’s pretty clear it’s been rolled forward,” Mansour notes. “And it’s also very clear no one read through it.”

When external reviewers, whether peer reviewers or regulators, see this kind of documentation, it immediately raises red flags. “As a peer reviewer, you look at some of these risk assessments, and it’s crystal clear they just rolled this from last year and they didn’t even look at it,” he explains. “You’re probably going to be pretty strict when you’re looking at the rest of that file because clearly these guys are just rolling from the prior year.”

The pressure to be “efficient” in planning creates a dangerous cycle where the foundation of the audit becomes weaker, making it much harder to execute proper testing throughout the engagement.

5 Common Mistakes That Derail Audits

Understanding where things typically go wrong helps you avoid these pitfalls in your own engagements. Mansour identifies several patterns that consistently create problems.

Generic, Template-Driven Approaches

When risk assessments are generic and not customized to the specific client, the walkthroughs and procedures that follow suffer. “If we are general or vague in our identification of risks, it results in generic audit procedures,” Mansour explains.

Copying Prior Year Without Thinking

Using prior-year documentation as a starting point makes sense, but many teams go too far. They simply copy everything over with minor adjustments, becoming “a little complacent, a little lazy” in the rollover process. A better approach is to use prior-year information as a guide but take a fresh perspective on the current year.

Failing to Link Risks to Procedures

One “gut-wrenching” moment in an audit review happens when the audit team identifies risks in checklists, but no corresponding procedures address them. “You identified this risk, but what did you do about it?” This mistake exposes fundamental gaps in audit logic.

Superficial Inquiries

Take related party transactions, for example. Many auditors accept a simple “we have none” from the client and move on. But as Mansour points out, “that’s not sufficient.” Instead, “auditors should dig into board minutes, vendor relationships, and ownership records” to understand whether related parties exist and what transactions might occur.

Misusing Junior Staff

Sending inexperienced team members to conduct walkthroughs without proper guidance is a recipe for problems. Junior staff might identify three issues out of ten while missing critical problems that experienced auditors would catch immediately. “Sometimes you need experience to tell you, you’re looking at ten different things and eight of them are going to be a problem and two of them are not,” Mansour explains.

The solution isn’t to avoid using junior staff. It’s to pair them with experienced team members who can provide real-time guidance and fill in the gaps.

Practical Tools to Strengthen Your Risk Assessment

The good news is that these problems are entirely fixable with the right approach and tools. Here’s what works:

Dynamic checklists. Move beyond simple checkbox exercises to checklists that challenge teams to collect new information and think deeply about what they find. Ask different types of questions that force auditors to go beyond surface-level inquiries.
Structured brainstorming sessions. Don’t just conduct one brainstorming session and call it done. Mansour recommends peppering collaborative discussions throughout the engagement. “Have the engagement team go out to lunch and consider that part of your brainstorming activity,” he suggests. These sessions force teams to share knowledge and often uncover overlooked areas.
Early data analytics. Instead of treating analytics as nice-to-have add-ons, deploy them “immediately after engagement acceptance,” Mansour advises. His approach: “Give me your trial balance, and I will do some data analytics on it right from the get-go.” This generates specific issues to investigate before client meetings, allowing you to connect numbers to client stories strategically.
Simple intelligence gathering. Something as basic as Googling your client’s name can reveal critical information, yet “a lot of auditors won’t even do that,” Mansour observes. “You’d be shocked at some of the stuff” these searches uncover. Review prior audit findings, look for industry changes, and stay current on client updates.
Collaborative team approach. Instead of having one person update risk assessment documentation alone, assign different sections to different team members. This ensures multiple people read through and think about the content, rather than having it all flow through one person who might miss important details.

What Separates Top Performers

Firms that consistently execute superior risk assessments share several key characteristics that set them apart.

They Treat Risk Assessment as a Mindset

“Top performers treat risk assessment as a mindset, not just a task,” Mansour explains. “They understand that there’s value in risk assessments. It’s not just a checkbox on their list.” Their teams are intellectually curious rather than robotic, but this requires giving people adequate time and breathing room to think deeply.

They Create Collaborative Environments

These firms don’t silo team members into individual sections. Instead, they “connect the dots between client goals, internal controls, and audit processes with purpose.” Team members actively consider how discoveries in one area impact testing in others, creating a comprehensive understanding that reduces risk while improving efficiency.

They Invest in Proper Mentorship

Rather than throwing junior staff into complex situations alone, top performers create systematic mentorship structures. They pair junior staff with experienced seniors who provide real-time guidance, immediate field discussions, and progressive responsibility increases.

They Focus on Custom Solutions

Elite performers avoid generic approaches entirely. They tailor audit plans to each client and engagement year. Their team members can explain their logic clearly without defaulting to “it’s what we were told” or “it’s what we did last year.”

Three Changes to Make Right Now

If your firm wants to improve immediately, Mansour recommends focusing on these three foundational changes:

Slow down in the planning process and allow for deeper team discussions. Invest upfront time that prevents downstream scrambling and quality issues.
Ensure walkthroughs include a formal evaluation of control effectiveness with documentation customized to the specific client and current year rather than generic templates.
Critically assess each risk and match it to custom procedures designed to address it, eliminating the disconnect between identified risks and actual testing approaches.

How You Know You Got It Right

Success in risk assessment is measurable through specific indicators. Your audit plan should be tailored, not generic. This demonstrates genuine client-specific thinking rather than template dependency. Your team members should be able to explain their logic clearly and provide substantive reasoning for their approaches.

Most importantly, when partners or regulators review your documentation, they should be able to “read your risk assessment and understand the rationale,” as Mansour puts it. They should see a clear narrative and strategic thinking rather than dry, templated responses.

If your team can’t explain their logic, or if external reviewers see obvious evidence of rolling forward prior year templates, you’re still in checkbox mode rather than strategic thinking mode.

The Foundation Makes the Difference

Risk assessment isn’t preliminary work that happens before the “real” audit begins. It’s the foundation that determines whether your entire engagement succeeds or struggles. As Mansour explains using a gardening analogy, if the risk assessment seed “doesn’t get planted properly, if it’s not cared for properly, it sets you up for failure.”

Firms that recognize this and invest accordingly create sustainable competitive advantages through systematically superior approaches to this critical phase.

The strategies and tools we’ve covered are proven approaches to transform your risk assessment process from liability into a strategic advantage. However, implementation requires commitment to changing how your firm approaches and uses its resources for this foundational work.

Ready to dive deeper into these risk assessment strategies and discover the specific frameworks top performers use? Listen to the full episode of Audit Smarter for Sam Mansour’s complete insights on transforming your approach to risk assessment and elevating your audit practice.

Protect Your Bookkeeping Practice: Essential Boundaries That Preserve Your Value

Earmark Team · August 27, 2025 ·

When hosts Alicia Katz Pollock and Veronica Wasek spun their “Wheel of Rants” on a recent episode of The Unofficial QuickBooks Accountants Podcast, they landed on a topic that sparked an energetic discussion: “The 20 things that accountants should never do.”

What followed was a candid conversation about the essential boundaries every bookkeeper should establish to protect themselves and their clients. Whether you’re just starting your bookkeeping practice or you’re a seasoned professional, these boundaries are critical safeguards for building a sustainable business.

Client Relationship Boundaries: Who’s Really in Charge?

“Allowing clients to control the work we do and really treating us as employees” topped Wasek’s list of boundary violations. She explained that many bookkeepers, especially those transitioning from employee roles, fall into the trap of letting clients direct their work.

“The client shouldn’t be directing the work you do,” Wasek emphasized. “There should be proper diagnosis done by us as accountants and then we give the client our recommendations.”

This distinction is crucial: Are you following orders or leading the process? As Katz Pollock pointed out, “If you’re a bookkeeper with your own firm or your own practice, you should be the one guiding the narrative.” Otherwise, you might actually be functioning as an employee rather than an independent contractor.

Financial Boundaries: Know Your Worth

Both hosts shared strong opinions about working for free or undervaluing services. Wasek explained how offering free work “devalues our industry as a whole” and signals that you don’t value your own expertise.

Katz Pollock added a practical concern: “If you were willing to do it for free, why would I pay you $500 a month to do it?” This initial boundary violation creates expectations that become nearly impossible to reset later.

Another common mistake is marking down invoices without discussion. Wasek shared an example based on her own experience. “My fee was $10,000 based on all the time that I spent on it, but I don’t think they’re going to pay me $10,000, so I just charge them $5,000.”

She now recognizes this as a serious boundary violation, explaining, “We tend to project our own feelings about money to our clients.” Instead of assuming clients won’t pay, have an open conversation about pricing.

Katz Pollock offered a practical strategy for those who bill hourly. “I charge what I consider a reasonably high rate, and that allows me to give a discount. Then I feel like everybody wins. I’m still getting a satisfactory rate, and they feel good.”

The hosts also warned against becoming financially dependent on just a few clients. “What if one out of those three leaves and you were financially dependent on that client?” Wasek cautioned. This dependency traps bookkeepers in problematic relationships where they can’t enforce other boundaries for fear of losing essential income.

Security Boundaries: Protecting Your Clients and Yourself

“Having direct access to the client’s bank accounts or their bill payment” is a practice Wasek strongly discourages. She shared a sobering example of a client that embezzled $8 million through their in-house bookkeeper, who had unrestricted access.

Katz Pollock acknowledged the practical challenges, noting she sometimes needs bank account access to view statements or check images. Her solution involves strict controls: “We have a 1Password vault that nobody has access to except for me and my contracted bookkeeper,” plus explicit language in her engagement letter that they “will never take any action either on your behalf or at your request.”

Both hosts emphasized the importance of secure password management. “Nowadays, you need to have unique passwords for everything,” Wasek explained, recommending systems that limit credential visibility to only those who absolutely need them.

Email communication presents another security concern. “The bane of my existence is emails,” Katz Pollock admitted, noting important client communications often get buried. More critically, Wasek warned, “There are so many email scams going on right now where you think you’re talking to your client and they are not your client.”

She shared a chilling example: “One of my clients was a victim of an email scam with a vendor. He sent a couple of million dollars to this fraudulent vendor, and then couldn’t do anything about it.” This led her firm to abandon email entirely for client communications, moving to secure platforms instead.

Professional Expertise Boundaries: Know Your Limits

“Taking a client when you lack the required skills” and giving legal or tax advice without proper qualifications made both hosts’ lists of major boundary violations.

“Certain industries and certain types of clients are more complex,” Wasek explained, highlighting areas like e-commerce and nonprofit accounting that require specialized knowledge.

Both hosts stressed that bookkeepers should never give tax or legal advice without proper credentials. “If you don’t have a law degree and if you don’t have a tax designation, then you can’t actually back up and stand by the advice you’re giving,” Katz Pollock cautioned.

Instead, they recommended developing relationships with specialists and having prepared responses for common client questions. As Wasek suggested, “I would try to give them the right words to use to ask their CPA the proper question.”

Documentation Boundaries: Get It in Writing

“Not using engagement letters” was another boundary violation, both hosts emphasized. Wasek learned this lesson “the hard way” after initially “working on a handshake,” explaining that formal agreements “really set the tone for the entire relationship.”

A comprehensive engagement letter should outline services provided, responsibilities, pricing, payment terms, and procedures for ending the relationship. Katz Pollock recommended reviewing engagement letters annually. “I look to see if their scope has changed. How many checking accounts did I agree to and how many do they have now?” This gives a “tangible reason for raising our prices” beyond just annual increases.

Both hosts also advocated for paid diagnostic assessments before committing to new clients. This smaller initial engagement helps evaluate a client’s responsiveness and complexity before making longer-term commitments.

Personal Boundaries: Protecting Your Time and Energy

The hosts discussed the common issue of bookkeepers acting as “unpaid therapists” for their clients. Wasek recalled a client who “would keep me on for at least an hour” multiple times weekly, making it impossible to complete actual work. She learned to establish time parameters, saying, “I’d love to talk to you, but I have a meeting in 15 minutes.”

Another crucial personal boundary involves maintaining client confidentiality. “You never, ever, ever talk badly about either the business owner or a bookkeeper to another business owner or another bookkeeper,” Katz Pollock stressed. This includes avoiding sharing information between clients or discussing former clients with their new bookkeepers without explicit permission.

Wasek shared a situation involving partnership conflicts: “I had to terminate the relationship. I would rather this client think badly of me for leaving them without a bookkeeper than to attack the other partner or to tattletale.”

Building a Stronger Practice Through Boundaries

Throughout their discussion, Wasek and Katz Pollock emphasized that proper boundaries ultimately create more sustainable and rewarding businesses.

“I am a big believer in karma, and that when one door closes, another one opens,” Katz Pollock shared. “If you have a really large client that you depend on, and either they let you go or you just find it toxic, I don’t recommend staying.”

Wasek agreed, adding that when bookkeepers release problematic clients, they gain “so much more mental energy to devote to better clients.”

For bookkeepers looking to establish stronger boundaries, the hosts recommended:

Getting proper training to understand your expertise and limitations
Using engagement letters reviewed by legal professionals
Implementing secure technology solutions for passwords and communications
Developing scripts for common boundary challenges
Building relationships with specialists for referrals
Conducting paid diagnostic assessments before committing to new clients

As Katz Pollock concluded about maintaining professional boundaries, “It says way more about you than it does about them.” It’s a reminder that how you establish and maintain boundaries ultimately defines your professional reputation and the health of your practice.

To hear more detailed insights about these essential bookkeeping boundaries, listen to the full episode using the player below or wherever you get your podcasts.

Alicia Katz Pollock’s Royalwise OWLS (On-Demand Web-based Learning Solutions) is the industry’s premier portal for top-notch QuickBooks Online training with CPE for accounting firms, bookkeepers, and small business owners. Visit Royalwise OWLS, where learning QBO is a HOOT!