From the Center for Audit Quality (CAQ):
Auditors have an unnatural ability to select THE ONE sample you know will get you in trouble...that one sample that caused you heartburn and you were glad to see posted and filed....and that one sample that is almost a year old and you cannot remember the clear details about. Unfortunately, you cannot simply ask your auditors to select a new sample to make your life easier. Once your auditors start asking questions and realize that you can't fully remember why that sample isn't as easy to explain as they would hope, they may conclude that the rest of your samples should be scrutinized even further. So the tip is to write everything down on the journal entry itself, regardless of how ugly it looks! Those notes will keep you sane at the end of your audit period because you'll never remember why you didn't write it all down in the first place!
During a recent conversation with a Managing Partner at a local CPA firm I learned that the PCAOB is starting to use forensic statistics to determine which external audit firms to review; it isn't random. The PCAOB has apparently come to the (logical) conclusion that if an audit fee is usually low relative to their comparative companies audit fees, then the quality of the audit is also probably low. What this means is that if a company decides to price shop for their audit, chances are they will not only get what they pay for but they may also be subjected to the scrutiny and potential requirement for an additional audit by the PCAOB. This could cause restatements, lawsuits, and just a laundry list of bad things.
One Week Implementation Effort Produced a One-Year ROI
Interesting article on User Developed Applications (UDAs). This could also apply to spreadsheets used for internal controls work, especially if they are distributed across departments and not centralized. Applications are typically developed for expense calculation and tracking (e.g. stock comp expense) as well as financial analysis. We try to take an approach that these types of tools should have permission control and be stored in documented locations where appropriate review and updating can be performed. It makes audit-related work much easier in the end!