Earmark CPE

Earn CPE Anytime, Anywhere

Sam Mansour

Your Best Audit Findings Hide Behind the Questions You Never Ask

· ·

Picture this: A controller walks an auditor through their revenue recognition process, casually mentioning a manual journal entry they make at year-end to “true things up.” That offhand comment—captured only because the auditor asked an open-ended question rather than a checklist query—led to uncovering improper revenue recognition that would have otherwise gone undetected.

In this episode of Audit Smarter, host Abdullah Mansour sits down with Sam Mansour, CPA, to explore an often overlooked aspect of auditing: the art of asking effective questions. Through their conversation, they reveal how the most basic tool in an auditor’s toolkit can make the difference between surface-level compliance work and truly understanding a client’s operations.

As Sam points out early in the discussion, “The quality of the answers we get is only as good as the questions we ask.” This principle shapes everything that follows, from why traditional yes-or-no questions fail to practical techniques for creating an environment where clients willingly share critical information.

Why Yes-or-No Questions Sabotage Your Audits

The most common mistake auditors make starts with two simple words: “Did you?” As Sam explains, yes-or-no questions create a trap that undermines the entire purpose of audit inquiries. They push clients toward specific answers and provide almost no insight into actual processes and controls.

Consider the typical scenario Sam describes: an auditor asks, “You reviewed this reconciliation, right?” The client faces an almost impossible choice. “What are they going to say? No?” Abdullah observes during the conversation. Sam agrees. “They almost have to say yes, even if they’re lying.” The phrasing practically forces a “yes” response, but even when that answer is truthful, what has the auditor actually learned?

“Let’s say they did review the reconciliation and the answer is actually yes,” Sam continues. “So you say, ‘You review this reconciliation, right?’ Then they say, ‘Yes, I did.’ It’s like, well, that’s it, right? You’re done.”

Instead of asking whether someone reviewed a reconciliation, Sam suggests a different approach: “Walk me through how you review the reconciliations. What do you look for? What happens if it’s off?” This reframing transforms a binary checkpoint into a window into the client’s actual processes.

The power of this approach became crystal clear in Sam’s story about uncovering improper revenue recognition. During a routine inquiry, he asked a controller to walk him through their revenue recognition process. The open-ended question invited explanation rather than confirmation. “Midway through, they casually mentioned a manual journal entry they made at year end to true things up,” Sam recalls. “That comment led to further testing and uncovered improper revenue recognition. If I hadn’t asked that open-ended question, we would have missed it.”

But there’s an art to crafting these questions. Sam warns against being too broad. For example, asking about “internal controls in general” leaves clients unsure where to start. He also cautions against cramming multiple questions into one. “Sometimes people will ask you like three different questions in one shot,” he notes. “And it’s really hard to remember what was number two or number three.”

The sweet spot? Be specific about the area you’re investigating, but open about how you want it explained. For example: “How do you receive cash in that specific area?”

Moving from yes-or-no questions to open-ended inquiries is just the first step. The real challenge is creating an atmosphere where clients feel comfortable sharing detailed, honest information.

The “New Employee” Technique That Changes Everything

Technical knowledge alone won’t extract meaningful information from clients. As Sam demonstrates through his eight years of field experience, the key lies in how you position yourself during the inquiry.

“When I’m doing these inquiries,” Sam explains, “I’m like, look, I understand how payroll generally works really well, but I don’t understand how you do it here. That’s very new to me. And so I want you to pretend like I know nothing about payroll, pretend like I’m brand new to this, and you’re explaining it to someone for the first time.”

Abdullah immediately grasps the value, “As if you’re a new employee to their firm.” This positioning accomplishes two objectives. First, it prevents clients from assuming the auditor already knows their processes and therefore skipping crucial details. Second, it reduces the threat level of the interaction.

“You don’t want to fill in gaps in the process,” Sam explains. “Maybe they don’t explain specific things to you because it’s like, well, that’s just how it’s done for payroll, right? Of course. But the thing is, what if they don’t actually do it like that?”

The physical and tonal elements matter just as much as the words. Sam paints a vivid picture of what not to do. “If someone walks in and they cross their arms and put on a frowny, unpleasant face, that body language and tone definitely gives you the feeling they’re unapproachable.”

But swinging too far in the other direction creates its own problems. “You don’t want to become their best friend in the whole wide world,” Sam warns, “because then if you have to write them up for a finding or communicate bad news in the future, you might feel uncomfortable doing that.”

The solution is what Sam calls being “professional but approachable.” He starts meetings with simple human touches like asking about their weekend, checking if it’s a good time to meet, and crucially, asking if clients have questions about the audit before diving into his own inquiries. “Giving them the opportunity to  ask why we’re doing certain things makes them feel good.”

One of Sam’s most powerful techniques is the strategic use of silence. “Clients often fill the space with valuable content,” he notes. “If you ask a question and give room for pause, they might feel a little bit uncomfortable and start giving you more information.”

The danger of getting the approach wrong becomes clear in Sam’s cautionary tale about a staff auditor who burst into the conference room declaring, “I know we have a finding in this area. I know there’s a problem here.” The aggressive approach damaged the client relationship and led to an incorrect conclusion. The auditor missed compensating controls that actually addressed the perceived gap.

“When they were doing the inquiries, they came off as a little arrogant and accusatory,” Sam recalls. The client later confided that this approach “kills the conversation really quick.”

Different personality types require different strategies. Some clients barely speak, requiring you to seek information from other sources or approach them with very specific questions. Others flood you with information. “Sometimes you have to rein them in if they’re more on the chatty side,” Sam advises. “Don’t be afraid to control the conversation a little bit.”

These interpersonal skills don’t develop automatically. They require deliberate practice and a commitment to continuous improvement—even for senior professionals.

Practice, Preparation, and the Path to Mastery

The gap between knowing how to ask better questions and actually doing it in the field is larger than most auditors realize. Sam references Neil Rackham’s book “SPIN Selling” to illustrate this point. “If you’re trying to train yourself to sell, don’t use something you’ve just learned on a big deal because it’s not familiar to you. It’s going to be kind of clunky.”

The same principle applies to audit inquiries. Entry-level auditors are unfamiliar with clients and uncomfortable with fieldwork and the expectation to ask potentially invasive questions. “It’s not just potentially uncomfortable for the client,” Sam acknowledges, “it’s probably uncomfortable for you.”

His solution might surprise those used to traditional accounting training: role-playing. Picture a lunch meeting where team members practice asking each other the same questions they’ll pose to clients. The senior auditor observes, catching those yes-or-no questions before they become habits.

“You want to be able to hear yourself saying the question and feel comfortable with those questions coming out of your mouth,” Sam explains. He uses payroll as an example. After ten years, asking for everyone’s pay scale feels routine, but “as an entry-level person, you might think, oh, it’s really strange to ask them to give me the pay scale for everyone that works here.”

Abdullah agrees:, “Role playing is one of the most helpful things I’ve done in certain situations.”

Preparation extends beyond practice sessions. Sam strongly advocates for developing questions in advance, challenging the notion that spontaneous inquiries appear more confident. “If you go into an inquiry and you’re just winging it, it could be very unprofessional.”

His reasoning is practical. When dealing with a difficult or unresponsive client, having prepared questions serves as both a roadmap and a safety net. “At least when you walk away from that inquiry, you have achieved your goal of asking the right questions,” he explains. The alternative—having to return for follow-up questions on the same topic—triggers a cascade of problems, from client complaints to difficult conversations with audit partners.

Active listening requires its own skill development. Sam describes maintaining a notepad during inquiries, jotting down items that need follow-up but resisting the urge to interrupt. “You don’t want to stop them and say, ‘Show me that journal entry.’ You want them to just keep going.”

The learning curve extends throughout an auditor’s career. “For a partner or manager to think they’ve achieved the highest level of skill in this field is somewhat unrealistic,” Sam observes. 

This matters because teams watch their leaders. Sam recalls being an early-career auditor, observing every interaction between partners and clients because those conversations typically involved “more sophisticated or important things.”

Yet formal training in this area is scarce. “Unfortunately, I don’t think there’s a lot of great CPE out there on the skill of strong inquiries,” Sam laments. This gap forces motivated professionals to seek resources outside traditional accounting education, including from books on sales, negotiation, and communication.

The payoff extends far beyond audit quality. “Being able to uncover key details in your personal life, professional life, at the client, in your own organization, it’s just so critical,” Sam reflects. 

Your Next Steps Toward Better Audit Inquiries

The journey from checkbox auditor to strategic advisor doesn’t require mastering new accounting standards. As Sam demonstrates, it requires three fundamental shifts in how we approach asking questions.

First, abandon yes-or-no questions in favor of open-ended inquiries that reveal what clients do and how and why they do it. Second, cultivate an environment of professional approachability—warm enough to encourage dialogue, professional enough to maintain objectivity. Third, treat inquiry skills as a career-long development priority, not a soft skill you’ll somehow absorb over time.

Sam’s final advice brings it all together. “Be approachable, but be professional. If you’re not professional, it derails the inquiries. If you’re not approachable, it also derails the inquiries.”

These aren’t just nice-to-have communication techniques. The controller who mentions those year-end “true-up” entries won’t share that information with someone who makes them feel defensive. The employee who knows where the real control gaps exist won’t confess them to someone asking yes-or-no questions from a checklist.

For audit professionals, the quality of audit findings will never exceed the quality of your questions. Whether you’re preparing for your first solo client inquiry or you’ve been asking the same questions for decades, there’s always another level to achieve.

Ready to transform your audit approach? Listen to the full episode of “The Art of Audit Inquiries: Asking Better Questions” on Audit Smarter to hear Sam’s complete framework for handling difficult clients, managing different personality types, and knowing when to pivot your approach. Your next significant audit finding might be just one well-crafted question away.

Perfect Audit Work Means Nothing Without This One Critical Skill

· ·

“If it’s not documented, it didn’t happen.”

This statement from a government auditor stopped Sam Mansour cold during his career, and it should stop you, too. Say you’ve just completed four hours of meticulous audit work, but your reviewer spends an hour trying to decipher what should take 15 minutes to review. That’s not just frustrating; it’s a documentation failure that could sink an otherwise excellent audit.

In a recent episode of the Audit Smarter podcast, hosts Abdullah Mansour and Sam Mansour, CPA, explain why documentation is a persistent weakness in audit files across firms of all sizes. Despite years of training and countless review comments, auditors continue to treat this critical skill as an afterthought—a box to check after the “real work” is done.

When Great Audits Fail

Auditors spend hours conducting fieldwork, asking all the right questions, pulling perfect samples, and demonstrating exceptional professional skepticism. Yet months later, during a peer review, the work receives a failing grade.

Why? Documentation so unclear reviewers couldn’t understand what they actually did.

“If you don’t document it properly, how is anyone supposed to know what you actually did?” Sam asks. “You could say you audited certain sections. You could say you did these procedures, but if you don’t actually document that in a memo and show the work that you did, it’s really difficult for anyone to follow.”

Documentation is the sole evidence of audit quality, so it’s more than a compliance requirement; it’s “how you tell the story of that audit.”

The Four Essential Questions

Every work paper must answer four questions to tell that story effectively:

  1. What was tested?
  2. Why was it tested?
  3. How was it tested?
  4. What were the results?

These are the minimum requirements for documentation that can stand on its own. Yet Sam regularly encounters work papers that fail to answer even one of these questions clearly.

Consider Sam’s experience auditing farm accounting, where crop harvesting created unusual transactions. Rather than simply verifying journal entries and moving on, he documented how the industry worked and retained professional literature explaining the accounting treatments. “Instead of just verifying the journal entry and moving on, I actually retained documentation showing why that journal entry was proper,” he explains.

Too often, Sam encounters the opposite: PDF files dropped into audit folders with zero context. “You open up a PDF file and you’re like, well, what is this thing?” Even when a document clearly displays “depreciation schedule,” without annotations explaining which procedures were performed or how it links to other work papers, it’s useless.

The problem also extends to client communications. Sam frequently sees emails from clients copied directly into audit files without any auditor analysis. “A client provides an explanation of something via email. We’ll grab that email and stick it into the audit file. And it’s like, okay, so what is this?”

The Hidden Cost Multiplier

When Sam pulls a team member into his office to discuss documentation, the conversation often starts with simple math. 

Work that takes four hours to perform should require only 15-20 minutes to review when properly documented. But poor documentation forces reviewers to spend four times that amount. “You are making me work harder,” Sam emphasizes. “It’s literally taking me four times as long because your documentation is so confusing.”

This time multiplication is even more costly when you consider billing rates. Reviewers often bill at nearly double the rate of preparers. When poor documentation forces a manager to spend an hour instead of 15 minutes on review, the budget impact isn’t just the extra 45 minutes—it’s 45 minutes at a significantly higher rate.

But time and money are only surface-level costs. The deeper damage occurs when overwhelmed reviewers can no longer catch critical issues. “You increase the risk of audit deficiencies during a peer review or inspection,” Sam warns, “because you’re making it so much harder for the reviewers to catch everything.”

The Learning Gap

Perhaps the most insidious cost is the lost learning opportunity. When documentation is vague, reviewers can’t provide specific, actionable guidance.

“If you detailed it out step by step, a reviewer could say, ‘Hey, did you think about this step?’ or ‘Why don’t you consider doing this?”‘ Sam explains. “But when it’s vague, it’s like, I have no idea what you did.”

This feedback vacuum stunts professional development. A team member once told Sam that review comments felt overwhelmingly negative: “There’s never any positive feedback. It’s always negative.” While Sam initially dismissed this as just part of the process, he later recognized that when documentation is consistently poor, the review process becomes purely corrective rather than developmental.

The career implications are severe. “When people in auditing are disorganized and don’t document well, the disorganization comes through in their documentation,” Sam observes. “And if you’re trying to rise up through the ranks, it’s not a good sign.”

Building Documentation Excellence

“Document as you go. Document as you go. Document as you go.”

Sam repeats this mantra three times for emphasis, calling it “one of the biggest pitfalls for myself and for other people.” The memory problem is more severe than most auditors realize. “Your memory is not as great as you think it is,” Sam warns. “You lose bits and pieces as time passes.”

Creating Standalone Work Papers

The solution is to build documentation habits throughout the workday. “Think of every work paper as a standalone work paper,” Sam emphasizes. Each document needs clear annotations explaining what it is, why you included it, and how it connects to other work papers.

For example, when pulling in a depreciation schedule provided by the client, don’t just drop it into the folder. Add annotations explaining its purpose and link it to related testing documentation. This bi-directional linking creates what Sam calls “breadcrumbs” that allow reviewers to follow the audit trail effortlessly.

The Self-Review Strategy

Sam offers a useful tip for learning from feedback: “Open up a Word document, and when you get review comments, copy them into that document.” Label each comment by work paper reference. Before submitting future work in similar areas, consult this personal feedback log.

“Look through the review comments you received last time and see if they apply to this work paper,” Sam suggests. This prevents reviewers from having to give the same feedback repeatedly, which can be a major source of frustration.

With today’s technology, there’s no excuse for poor documentation habits. “You can record and get transcriptions of calls. You can take notes on your phone. You can take notes on your computer,” Sam notes. “There’s no reason other than—I’m going to be honest—laziness.”

Templates and Coaching

Templates are another helpful tool, but Sam cautions against using them blindly. “You can leverage templates to guide you through the process,” he explains. When creating standardized emails, add personal touches: “Hey, how was the trip last year?” before transitioning to standard language.

For managers, the key is coaching rather than just correcting. “Walk them through well-documented files to show them what good documentation looks like,” Sam advises. When someone does exceptional work, “point out the win” during wrap-up meetings. This positive reinforcement creates a culture that celebrates good documentation rather than merely criticizing poor documentation.

Your Path Forward

Documentation determines whether your audit succeeds or fails, and Sam’s framework for excellence is surprisingly straightforward:

  1. Every work paper must stand alone – readable without hunting through other files
  2. If reviewers need to ask questions, it’s not done – documentation should answer everything
  3. Remember the triple benefit – good documentation reduces stress, speeds reviews, and protects the firm

The choice is yours. You can continue treating documentation as an annoying afterthought, forcing reviewers to waste hours deciphering your work while your career stagnates. Or you can implement these strategies, transforming documentation from your greatest weakness into your most powerful professional asset.

Want to dive deeper into these documentation strategies? Listen to the full episode of the Audit Smarter podcast, where Sam and Abdullah share additional techniques and real-world examples to transform your approach to audit documentation. Your future self (and your reviewers) will thank you.

When Auditors Become Robots: The Hidden Cost of Mechanical Box-Checking

· ·

For four to five straight years, an audit team meticulously completed their control testing checklists, dutifully checking every box and signing off on every procedure. Their work papers looked pristine. Their compliance documentation was flawless. And all the while, an employee was systematically committing fraud right under their noses.

When questioned about the controls they’d supposedly tested year after year, these auditors couldn’t explain how a single one actually worked. They had fallen into what CPA Sam Mansour calls “the checklist trap”—a dangerous mindset where the very tools designed to ensure audit quality become the biggest threats to it.

This eye-opening example comes from a recent Audit Smarter podcast episode where host Sam Mansour digs into the mechanical box-checking that passes for diligent auditing in too many firms today. While audit checklists are useful tools for quality control, they become dangerous crutches when auditors stop thinking beyond the boxes they’re checking.

When Good Tools Become Dangerous Crutches

Checklists start life as helpful guides. They’re designed by experienced professionals who’ve seen common audit problems and want to prevent them. They’re meant to be guardrails, keeping auditors on track while still allowing room for professional judgment and client-specific thinking. But somewhere along the way, these helpful tools can become dangerous.

The transformation happens gradually. As Mansour explains, “If the checklists say to go look at an area, you go look at that area. If they’re silent on a specific area, then you just don’t even consider going in there. So basically, instead of it being a helpful guide, it becomes a literal crutch.”

What starts as a helpful framework eventually limits an auditor’s perspective to what’s written on forms. 

The checklist mentality is particularly dangerous because it feels so professional. Auditors complete every step, sign off on every procedure, and produce work papers that look thorough. The documentation appears complete and compliant. But underneath the surface, there’s no critical thinking.

Consider the real-world example from the podcast: auditors who marked controls as “tested” year after year, checking all the right boxes and completing all the required procedures. Their checklists were perfect. Their sign-offs were current. But when questioned about how these controls actually worked, they couldn’t provide a single coherent explanation.

“There were severe control issues at the client which allowed for fraud to occur,” Mansour explains. “And it just wasn’t discovered by the audit team. The person committed fraud for four or five years. And I think the auditors just kept coming in and checking that box.”

The consequences were predictable and severe. The fraud continued undetected, not because the checklists were inadequate, but because no one was thinking beyond them.

This creates blind spots where fraud and errors can flourish. As Mansour notes, “Checklists are designed kind of as a textbook solution. The checklists don’t necessarily catch everything..”

The Hidden Forces That Kill Critical Thinking

The checklist trap isn’t the result of lazy auditors or character flaws; it’s the predictable outcome of systemic problems that even dedicated professionals can’t overcome through willpower alone. When we look beneath the surface of mechanical box-checking, we discover forces that make thoughtful auditing nearly impossible.

The most damaging culprit is budget pressure created by systematic underbidding. As Mansour explains: “Some firms tend to price engagements very low. And so let’s say, for example, your budget is $5,000 for an engagement, when really it should be $15,000.”

The math is brutal. If your firm targets $150 per hour but you’re forced to complete work in one-third the appropriate time, you’re effectively working for $50 per hour while still being held to $150-per-hour quality standards. This creates an impossible situation where taking time to truly understand complex checklists is financially unsustainable.

The cultural reinforcement runs deep. In many firms, the message from leadership focuses on completion rather than understanding: “Make sure you fill out these checklists, make sure they’re done correctly, make sure every box is checked.” This message, coupled with crushing deadlines and impossible budgets, transforms checklists from investigative tools into speed tests.

“A lot of times, unfortunately, in public accounting, that kind of curiosity, that dialog is seen as a waste of time because it takes up billable hours,” Mansour observes. The system rewards speed over understanding and punishes the curiosity that leads to quality work.

The training gap makes things worse, particularly for new auditors who find themselves drowning in technical terms they never learned in school. Mansour recalls his own experience: “I actually remember sitting there, looking at my computer, looking at my screen, and thinking, oh my gosh, I had no freaking clue what I’m doing.”

When new auditors are handed complex checklists filled with unfamiliar concepts but given no time to learn, mechanical completion becomes their only survival strategy. The system even punishes the behaviors it claims to want. Mansour describes being criticized early in his career: “The criticism that I used to get is look at this person next to you, how quick they are.”

While his colleague was flying through checklists, Mansour was taking time to understand the work and feeling “so far behind” and “so dumb” as a result. The irony? Years later, Mansour had surpassed his speedy colleague in seniority, proving that thoroughness ultimately beats speed. But how many talented auditors give up or develop bad habits before they can prove this point?

This creates a cycle where underbidding forces rushed work, rushed work requires increased checklist dependency, and checklist dependency reduces the quality that justifies higher fees. Breaking free requires systematic change.

Breaking Free: The Strategic Approach to Better Auditing

The path out of the checklist trap isn’t about abandoning structure or telling auditors to simply “think more.” It requires systematic changes that address the root causes we’ve identified. Forward-thinking firms are implementing coordinated solutions that transform their economic models, training approaches, and cultural expectations.

The foundation starts with honest pricing. Firms must have the courage to move their fees to industry-standard levels, even if it means difficult conversations with clients. As Mansour explains, when firms properly price their engagements and explain the increases, the client, a lot of times, will stay. Because if they ask around, they’ll find those fees are industry standard, and what they were getting with you was really an unreasonable deal.

Adequate pricing creates the breathing room necessary for thoughtful analysis rather than mechanical box-checking. With realistic budgets in place, firms can modernize their training by focusing on the “why” behind procedures rather than just the “what.”

Effective training requires creating psychological safety for new auditors to admit knowledge gaps. Mansour offers this advice to entry-level staff: “Look, if you don’t know it, you’re better asking the questions now. Because if I hear you asking in 12 months or 24 months those questions you should have asked in the first two, three, four months, I’m going to be very concerned.”

The shift requires moving beyond speed-focused metrics to value-based evaluation. Instead of comparing new auditors to experienced colleagues on time alone, managers should emphasize quality development first. As Mansour learned through experience, “You’re better off going slow and then picking up the speed later. Whereas if you start out with the speed to impress people, it’s difficult, I found, to pick up the quality.”

Practical implementation involves several concrete tools. Firms should customize audit programs for each engagement rather than using generic templates. Modern audit software can generate tailored checklists based on client-specific risk assessments. Adding professional judgment prompts throughout checklists helps auditors think beyond simple completion.

Mansour suggests incorporating “memory joggers,” brief explanations of how conclusions were reached. For example, when testing missing check numbers in a sequence, document not just what was done, but why. “We decided to test missing check numbers because we noticed irregularities in the sequence that could indicate control weaknesses or potential fraud.”

Successful firms also restructure their wrap-up meetings to discuss what was done and why it mattered. “We could say that we audited a specific area. But why did we choose to audit that area, especially if it’s not something we typically do?” Mansour asks.

The red flags that indicate continued checklist dependency are easy to spot. Work papers that remain essentially identical year over year signal mechanical copying rather than thoughtful analysis. Missing documentation of key discussions suggests auditors are focused on completion rather than understanding. Outdated information, like wrong contact names scattered throughout documents, reveals the copy-paste mentality that characterizes checklist traps.

Teams that successfully break free demonstrate clear evolution in their work. Their audit programs adapt as clients change and grow. They identify new risks and modify procedures accordingly. Most importantly, they can articulate the reasoning behind their decisions.

As Mansour’s technical reviewer wisely noted: “When the peer reviewers come in, they have a checklist, and their checklist is checking in on your checklist.” Understanding that audits exist within layers of professional oversight reinforces why thoughtful checklist use serves everyone’s interests better.

The Choice Between Clerks and Professionals

When auditors become mechanical box-checkers rather than analytical investigators, the tools that promise consistency and quality destroy the very thinking that makes work professional in the first place.  Clients deserve better.

This isn’t about individual auditors lacking motivation or intelligence. It’s about good professionals working within systems that punish the curiosity and analytical rigor their profession demands. When firms underbid engagements, create crushing time pressures, and reward speed over understanding, they train their staff to stop thinking.

On the other hand, firms that properly price their services, invest in real training, and create cultures that reward analytical thinking avoid the checklist trap and position themselves as the strategic partners their clients need.

The goal is to use checklists as launching points for professional judgment rather than substitutes for it. The firms that learn to balance structure with thinking will build stronger relationships, deliver higher value, and attract the talent that drives long-term success.

The complete roadmap for avoiding checklist dependency is available in the full Audit Smarter podcast episode, where Mansour provides detailed implementation strategies, specific examples of cultural transformation, and the exact frameworks successful firms use to turn checklist-dependent teams into strategic thinking powerhouses.

Because in the end, the choice is simple: Continue training clerks who check boxes, or develop professionals who think, analyze, and protect the interests they’re hired to serve.

Why Your Audit Fails Before Fieldwork Even Starts

· ·

“Some audits are doomed before the fieldwork even begins.”

In Episode 2 of Audit Smarter, Sam Mansour cuts to the heart of a problem many audit professionals face but don’t fully understand. You’ve been there: an experienced team, solid procedures, and a reasonable budget. Yet somehow, the engagement still feels like constantly playing catch-up. Testing seems disconnected. Risks surface at the worst possible moment. Partners ask questions during review that should have been answered weeks ago.

The culprit? Poor risk assessment that undermines everything that follows.

Most audit professionals understand risk assessment is important, but few realize how dramatically it shapes their engagement. Mansour explains, “The risk assessment drives the entire audit approach. And if we misidentify or overlook specific audit risks, your testing could be misaligned, and you could waste time. But even more concerning, you might miss material misstatements.”

Here’s what’s happening across the profession and, more importantly, what you can do about it.

Why Risk Assessment Gets the Short End of the Stick

The problem isn’t that auditors don’t know how to assess risk. It’s that firms have systematically devalued this critical phase, treating it as administrative overhead rather than the strategic foundation it actually is.

“Many teams view planning just as a compliance step and not as a strategic one,” Mansour observes. Budget pressures and efficiency demands create an environment where teams feel pushed to rush through risk assessment. “We devalue the risk assessment phase. We think of it as a textbook thing. Let’s just check some boxes and move on.”

This leads to what Mansour calls “pencil whipping,” mechanically completing checklists without genuine thought or analysis. The evidence shows up everywhere in audit files: work paper references that don’t make sense, incorrect years, or references to people who no longer work at the organization.

“It’s pretty clear it’s been rolled forward,” Mansour notes. “And it’s also very clear no one read through it.”

When external reviewers, whether peer reviewers or regulators, see this kind of documentation, it immediately raises red flags. “As a peer reviewer, you look at some of these risk assessments, and it’s crystal clear they just rolled this from last year and they didn’t even look at it,” he explains. “You’re probably going to be pretty strict when you’re looking at the rest of that file because clearly these guys are just rolling from the prior year.”

The pressure to be “efficient” in planning creates a dangerous cycle where the foundation of the audit becomes weaker, making it much harder to execute proper testing throughout the engagement.

5 Common Mistakes That Derail Audits

Understanding where things typically go wrong helps you avoid these pitfalls in your own engagements. Mansour identifies several patterns that consistently create problems.

Generic, Template-Driven Approaches

When risk assessments are generic and not customized to the specific client, the walkthroughs and procedures that follow suffer. “If we are general or vague in our identification of risks, it results in generic audit procedures,” Mansour explains.

Copying Prior Year Without Thinking

Using prior-year documentation as a starting point makes sense, but many teams go too far. They simply copy everything over with minor adjustments, becoming “a little complacent, a little lazy” in the rollover process. A better approach is to use prior-year information as a guide but take a fresh perspective on the current year.

Failing to Link Risks to Procedures

One “gut-wrenching” moment in an audit review happens when the audit team identifies risks in checklists, but no corresponding procedures address them. “You identified this risk, but what did you do about it?” This mistake exposes fundamental gaps in audit logic.

Superficial Inquiries

Take related party transactions, for example. Many auditors accept a simple “we have none” from the client and move on. But as Mansour points out, “that’s not sufficient.” Instead, “auditors should dig into board minutes, vendor relationships, and ownership records” to understand whether related parties exist and what transactions might occur.

Misusing Junior Staff

Sending inexperienced team members to conduct walkthroughs without proper guidance is a recipe for problems. Junior staff might identify three issues out of ten while missing critical problems that experienced auditors would catch immediately. “Sometimes you need experience to tell you, you’re looking at ten different things and eight of them are going to be a problem and two of them are not,” Mansour explains.

The solution isn’t to avoid using junior staff. It’s to pair them with experienced team members who can provide real-time guidance and fill in the gaps.

Practical Tools to Strengthen Your Risk Assessment

The good news is that these problems are entirely fixable with the right approach and tools. Here’s what works:

  • Dynamic checklists. Move beyond simple checkbox exercises to checklists that challenge teams to collect new information and think deeply about what they find. Ask different types of questions that force auditors to go beyond surface-level inquiries.
  • Structured brainstorming sessions. Don’t just conduct one brainstorming session and call it done. Mansour recommends peppering collaborative discussions throughout the engagement. “Have the engagement team go out to lunch and consider that part of your brainstorming activity,” he suggests. These sessions force teams to share knowledge and often uncover overlooked areas.
  • Early data analytics. Instead of treating analytics as nice-to-have add-ons, deploy them “immediately after engagement acceptance,” Mansour advises. His approach: “Give me your trial balance, and I will do some data analytics on it right from the get-go.” This generates specific issues to investigate before client meetings, allowing you to connect numbers to client stories strategically.
  • Simple intelligence gathering. Something as basic as Googling your client’s name can reveal critical information, yet “a lot of auditors won’t even do that,” Mansour observes. “You’d be shocked at some of the stuff” these searches uncover. Review prior audit findings, look for industry changes, and stay current on client updates.
  • Collaborative team approach. Instead of having one person update risk assessment documentation alone, assign different sections to different team members. This ensures multiple people read through and think about the content, rather than having it all flow through one person who might miss important details.

What Separates Top Performers

Firms that consistently execute superior risk assessments share several key characteristics that set them apart.

They Treat Risk Assessment as a Mindset

“Top performers treat risk assessment as a mindset, not just a task,” Mansour explains. “They understand that there’s value in risk assessments. It’s not just a checkbox on their list.” Their teams are intellectually curious rather than robotic, but this requires giving people adequate time and breathing room to think deeply.

They Create Collaborative Environments

These firms don’t silo team members into individual sections. Instead, they “connect the dots between client goals, internal controls, and audit processes with purpose.” Team members actively consider how discoveries in one area impact testing in others, creating a comprehensive understanding that reduces risk while improving efficiency.

They Invest in Proper Mentorship

Rather than throwing junior staff into complex situations alone, top performers create systematic mentorship structures. They pair junior staff with experienced seniors who provide real-time guidance, immediate field discussions, and progressive responsibility increases.

They Focus on Custom Solutions

Elite performers avoid generic approaches entirely. They tailor audit plans to each client and engagement year. Their team members can explain their logic clearly without defaulting to “it’s what we were told” or “it’s what we did last year.”

Three Changes to Make Right Now

If your firm wants to improve immediately, Mansour recommends focusing on these three foundational changes:

  1. Slow down in the planning process and allow for deeper team discussions. Invest upfront time that prevents downstream scrambling and quality issues.
  2. Ensure walkthroughs include a formal evaluation of control effectiveness with documentation customized to the specific client and current year rather than generic templates.
  3. Critically assess each risk and match it to custom procedures designed to address it, eliminating the disconnect between identified risks and actual testing approaches.

How You Know You Got It Right

Success in risk assessment is measurable through specific indicators. Your audit plan should be tailored, not generic. This demonstrates genuine client-specific thinking rather than template dependency. Your team members should be able to explain their logic clearly and provide substantive reasoning for their approaches.

Most importantly, when partners or regulators review your documentation, they should be able to “read your risk assessment and understand the rationale,” as Mansour puts it. They should see a clear narrative and strategic thinking rather than dry, templated responses.

If your team can’t explain their logic, or if external reviewers see obvious evidence of rolling forward prior year templates, you’re still in checkbox mode rather than strategic thinking mode.

The Foundation Makes the Difference

Risk assessment isn’t preliminary work that happens before the “real” audit begins. It’s the foundation that determines whether your entire engagement succeeds or struggles. As Mansour explains using a gardening analogy, if the risk assessment seed “doesn’t get planted properly, if it’s not cared for properly, it sets you up for failure.”

Firms that recognize this and invest accordingly create sustainable competitive advantages through systematically superior approaches to this critical phase.

The strategies and tools we’ve covered are proven approaches to transform your risk assessment process from liability into a strategic advantage. However, implementation requires commitment to changing how your firm approaches and uses its resources for this foundational work.

Ready to dive deeper into these risk assessment strategies and discover the specific frameworks top performers use? Listen to the full episode of Audit Smarter for Sam Mansour’s complete insights on transforming your approach to risk assessment and elevating your audit practice.