Preparing For An Audit

The use-cases for AI and GenAI are truly limitless.    One of the new ways Deloitte is leveraging #GenAI is by supporting internal audit teams in their development of #AI strategies and applied capabilities. Not only are these tools supporting teams in the day-to-day audit process, but they are allowing them to build toward future-state operating models.    Here are a few of the ways Deloitte is offering AI-powered tools for the audit process:    Dynamic Risk Assessments – We utilize AI to develop end-to-end assessment capabilities to create more proactive models, resulting in a dynamic and iterative #risk assessment lifecycle that evolves with the org’s needs.    AI-on-Demand PODs – Our AI-on-Demand Product Oriented Delivery (POD) service delivery model consists of a team of engineers and designers to help clients develop customizable AI solutions that follow our Trustworthy AI Framework ™ (https://deloi.tt/3ywy7K8).    Automated SOX Scoping – We work with our clients to utilize AI to increase efficiency and save time during the Sarbanes-Oxley (SOX) scoping process. The statistical algorithms we put into place help clients develop a more accurate and risk-aligned scope for their SOX programs.    You can read more about how AI is changing the #audit landscape, here: https://deloi.tt/4d4xRBa Chris Griffin, Trevear Thomas, Dipti Gulati, Lynne Sterrett

Auditors checking boxes on checklists without thinking led to fraud going undetected for 4-5 years at one client. The team kept marking controls as "tested" year after year, but when asked how the controls actually worked, they couldn't explain it. This "checklist trap" happens when audit teams become so dependent on templates that they stop adapting procedures to each client's unique situation. Red flags include work papers that look identical year over year and auditors who can't explain why they performed certain procedures. The root cause is often budget pressure from underbid engagements, which forces teams to rush through checklists instead of understanding what they're testing. Listen to the full discussion on the Audit Smarter podcast, and earn CPE with Earmark: https://lnkd.in/gQKURrqm

Your financial statements look perfect... Until auditors find these missing entries. Missing adjusting entries can destroy your credibility. →Your reports show inaccurate numbers.  →Stakeholders lose faith.  →Auditors raise red flags. The risks escalate quickly: - Revenue recognition becomes distorted - Expense timing mismatches pile up - Accruals remain unrecorded - Asset values stay outdated - Tax compliance weakens But you can fix this through adjusting journal entries. Here's how: 1. Review all accrued revenues monthly 2. Track prepaid expenses systematically 3. Record depreciation accurately 4. Adjust inventory values 5. Document interest accruals 6. Update unearned revenue This process ensures financial integrity by aligning entries with principles and reflecting true business performance. Start protecting your financial accuracy today by implementing proper adjusting entries. With this step, you can transform your financial reporting from risky to reliable. Remember, financial accuracy isn’t optional—it’s essential for business survival. #adjustingjournalentry   #finance  #accounting  

The Impact of Accurate Documentation: Real-World Examples from an OIG Audit The importance of accurate condition capture and documentation in risk adjustment cannot be overstated. A recent OIG random review of EmblemHealth highlights just how much is at stake when conditions are incorrectly reported—or overlooked entirely. Here are three patient scenarios uncovered in the audit: Enrollee A • Submitted HCCs: 3 • Validated HCCs: 2 • Review Findings: The submitted HCC for Polyneuropathy was not supported by the medical record. • Impact: $1,992 overpayment to the plan. Enrollee B • Submitted HCCs: 2 • Validated HCCs: 2 • Review Findings: While the submitted HCC for Diabetes Mellitus (DM) with complications was not supported, the documentation did validate DM without complications. • Impact: $2,328 overpayment to the plan. Enrollee C • Submitted HCCs: 2 • Validated HCCs: 4 • Review Findings: Reviewers not only validated the submitted HCCs but also identified two additional HCCs that had not been submitted in claims. • Impact: $4,438 underpayment to the plan. The Takeaways The OIG review illustrates several key themes: 1. Documentation Gaps: Unsupported conditions can lead to overpayments, exposing plans to potential financial penalties and compliance risks. 2. Missed Opportunities: Inaccurate or incomplete submissions may result in underpayments, reducing the resources available to care for complex patients. 3. Importance of Proactive Reviews: Comprehensive reviews of documentation and coding practices can identify discrepancies before they escalate into larger issues. A Path Forward: Best Practices To mitigate risks and ensure accuracy: • Train Providers Continuously: Reinforce the importance of detailed documentation that supports all submitted diagnoses. • Conduct Pre-Bill Reviews: High-risk HCCs should undergo additional scrutiny before claims submission. • Leverage Retrospective Audits: These reviews can identify and address both unsupported claims and missed conditions, ensuring accurate risk scoring. The financial and compliance stakes are high. The EmblemHealth review revealed a $552,000 overpayment recommendation from the OIG, with 25% of submitted conditions unsupported by medical records. On the flip side, 65 additional conditions were identified but not submitted, representing missed opportunities for accurate risk adjustment. In risk adjustment, accuracy is everything. How does your organization close the gap between documentation and coding? Let’s connect and share strategies.

I have reviewed the financial statements of over a thousand SaaS companies, and here are my red flags. 1.       A “mix” of cash and accrual accounting 2.       No bank reconciliations 3.       Inability to generate a connected income statement, balance sheet, and cash flow 4.       A disconnected MRR report The first point is obvious but nuanced. Cash accounting in SaaS makes revenue data noisy and calculating metrics difficult, but it’s manageable. If managers and investors have good monthly data to compare year over year, they can get what they need from cash accounting. However, companies using a “mix” of cash and accrual accounting are problematic. Mixing and matching, particularly for revenue, creates too much uncertainty. I recently had a client who deferred revenue on some deals but not others. They received three term sheets for new capital, but all the deals fell away as diligence became bogged down in trying to understand the financials. The second item, bank reconciliations, validates the integrity of the financial statements. Cash is king, and the bank knows how much you have. All your debits and credits eventually need to be tied to the amounts in your bank accounts. That is the beauty of double-entry accounting. Investors and CEOs should ask to see bank reconciliations (even if they don’t know what they are looking at.) I had two portfolio companies fall behind on reconciling cash, and the results were disastrous. The financials were restated both times, and the investments were lost. The third item, generating a complete set of all three financial statements, is also a sign of financial competence that adds integrity to the numbers. Income statements, balance sheets, and cash flow statements all fit together to tell a complete story. Companies using ad-hoc accounting methods often can’t generate all three reports, and the accuracy of the financials suffers. The cash flow statement is the most under-used financial report in SaaS. For companies with pay-in-advance contracts, seasonality, or debt, cash-flow statements are an invaluable tool for understanding the business. The last item, a separate MRR report not integrated into the accounting system, is also a financial hygiene issue. Recurring revenue is on the income statement, and that number is tied to cash and validated. Managers and investors should use MRR on the income statement to make decisions, not the numbers on a disconnected spreadsheet. Tools and systems help support accurate and timely financial statements but also require experienced people. Some of the worst financial reporting I have ever seen came from Net Suite systems because the finance people did not know what they were doing. As you scale a SaaS business, you don’t need to add a lot of bodies to finance; it is a function that scales well if you have a few experienced people and the right tools to support them. Read more here: https://lnkd.in/g2F3qv9y

Grant Management in 2025: Tools for Stability, Compliance, and Continuity The federal funding environment has shifted. Legal protections for grantees remain strong—but day-to-day management is getting harder. Delayed drawdowns. Staffing disruptions. Quiet NOFO pauses. Increased scrutiny around equity language and procurement systems. In this week’s Tools for Communities newsletter, we take a step back and ask: what infrastructure do organizations need now to keep programs moving and funds flowing—regardless of politics? 🧰 This issue includes: A plain-language legal breakdown of federal grant termination rules under 2 C.F.R. § 200.340–343 A summary of key risks showing up in 2025 (drawdown lags, OIG audits, internal guidance to shift narrative language) A field-ready set of templates to support internal grant systems, reduce compliance risk, and prepare for audit or closeout Here’s what we’ve developed so far—free, editable, and available now by request: 🏗️ AWARD SETUP & GOVERNANCE Award Intake Form Policy Crosswalk for 2 C.F.R. compliance Grant Compliance Calendar 💰 FINANCIAL MANAGEMENT Monthly Federal Reporting Template (SF-425 aligned) Cost Allocation Worksheet Indirect Cost Rate Calculator 🤝 SUBRECIPIENT & PROCUREMENT OVERSIGHT Subrecipient Risk Matrix Monitoring Checklist + CAP Template Invoice Review Log 🕒 PERSONNEL & TIME TRACKING Time and Effort Certification (monthly + semi-annual) Conflict of Interest Disclosure Template 📂 AUDIT READINESS Document Retention Tracker Internal Controls Checklist (GAO Green Book aligned) Audit Findings Response Log 🧩 The full resource library will be published on our website in the coming weeks. If you need access now, please reach out. If you have tools you’d be willing to share—we’d love to include them. The goal is to make these resources freely available for the field. 📩 Please reach out with any questions, ideas, or needs. #grants #publicsector #nonprofitfunding #compliance #infrastructure #toolsforcommunities #grantwriting #federalfunding

Wait, …what? Auditors are people too?? No way... Well, way! Just like you and me - auditors rely on their past experiences, and they will inevitably bring their own biases into the process. My advice from the audit trenches… Get to know them early in the audit process. Seek to understand their perspective and ask the right questions. Audit readiness is about being proactive and making your compliance journey clear, transparent, and accessible. Few tips for your first meeting with your auditor Understand their perspective- Remember, auditors are people too. They’ve likely encountered a wide variety of organizations and industries, and their past experiences will shape their expectations. Ask questions that help you gauge what matters most to them- "What have you found to be the most common issues or red flags in audits like this?" "Can you share examples of best practices or common pitfalls you’ve seen in similar organizations?" Understanding their history will help you tailor your audit preparation and anticipate areas of focus. Clarify key priorities early- Start by understanding what’s going to be important to your auditor or firm. From my experience every audit firm, and especially individual auditors, have areas they care about most- "Are there any specific controls or areas you expect will require more attention in this audit?" "How do you typically approach assessing evidence for (specific domain, like security or privacy)?" This helps you focus your energy and ensure you’re providing exactly what they want to see. Prepare evidence that tells THE story- Don’t just throw documentation at your auditor. Present it in a way that’s organized, clear, and easy to understand: Break down complex controls into understandable pieces. Use a logical flow that walks them through your compliance journey. Offer narrative walkthroughs for key controls or processes, explaining how the evidence connects to the control. It’s about making sure they understand not only what you’re doing, but why it’s effective. BIG TIP -> Make their job easy: The easier you make it for them to find, review, and understand evidence, the smoother the audit process will go. Here’s how- Organize documentation with clear labels and references and date/time stamped! Provide summaries or guides (or I love to do videos) that help auditors navigate complex systems or evidence. The goal is to help them complete their audit with as little friction as possible. Be open and transparent- Audits are collaborative, and the key to success is open, HONEST communication. Be upfront about any potential weaknesses, but also explain how you're mitigating risks. "Here’s an area we’re currently improving, how can we best demonstrate that in the audit?" Creating a strong relationship with your auditor can set the tone for the entire engagement. Remember… Auditors are people too. Get to know them, be transparent, and put a smile on their face! Audit success! #CISO #MSP #audit

81% of startups don’t fail from competition. They fail because they ignore financial warning signs until it’s too late. After leading finance for multiple turnarounds, I’ve seen it too many times: ↳ Cash flow dries up ↳ Debt piles on ↳ Profits vanish By the time founders notice, it’s already a crisis. Here are 15 financial red flags that can quietly sink your startup: 🚩Income Statement: Profitability Risks 1/ Declining Revenues – Sales are shrinking, but costs aren’t 2/ Rising Operating Expenses – Overhead is growing faster than revenue 3/ Net Losses – Your burn rate is outpacing growth 4/ Unstable Revenue Sources – Relying on one-time gains to appear profitable 5/ Erratic Profit Margins – Revenue swings make forecasting impossible 🚩Balance Sheet: Financial Health Risks 6/ High Debt Levels – Interest payments are eating into profits 7/ Negative Equity –  You owe more than you own 8/ Accounts Receivable Piling Up – Customers delaying payments = cash flow risk 9/ Declining Asset Quality – Core business assets are losing value 10/ Short-Term Debt Dependence – Constantly borrowing to cover daily operations 🚩 Cash Flow Statement: Liquidity Risk 11/ Negative Operating Cash Flow – Your business isn’t self-sustaining. 12/ High Capital Expenditures – Overspending on assets with slow ROI 13/ Frequent Fundraising – Relying on investors instead of profitability 14/ Net Income vs. Cash Flow Mismatch – Profits on paper, but no real cash 15/ Negative Free Cash Flow – No extra cash to reinvest in growth Numbers tell stories. Make sure you’re reading yours before it’s too late. Which red flag concerns you the most? ♻Share this to help founders avoid costly mistakes And follow Mariya Valeva for more

Sorry if this sounds critical… That’s how I used to start audit conversations. Polite. Non-threatening. Safe. But also? Completely ineffective. I remember one meeting in particular. I had valid points. Real risks. But I sandwiched every issue between disclaimers and half-apologies. The client nodded. Smiled. And. Ignored everything. Shocker. Afterward, my manager pulled me aside. She didn’t yell. She didn’t criticize. She just said: “If you keep apologizing for doing your job, they’ll stop listening altogether.” That was the wake-up call. I didn’t need to be rude. I needed to be clear. Direct. Confident. Now I use what I call the A.P.O.L.O.G.Y.™ approach, a way to communicate with confidence, without needing to apologize for it. A – Assess the situation, not your self-worth P – Position your message with confidence O – Own the issue—don’t deflect it L – Lead with facts, not fear O – Offer insights, not just criticism G – Ground your point in evidence Y – Yield the floor with purpose, not permission Confidence isn't arrogance. It’s clarity with a backbone. We teach this, and more, in our communication courses for auditors.

Dear AI Auditors, Foundations of AI Audit AI has quickly moved from “emerging tech” to business-critical systems. Banks use it to flag fraud. Insurers use it to price policies. HR teams use it to screen candidates. Customer service depends on chatbots powered by large models. But most audit functions still don’t have a tested playbook for AI. This gap creates blind spots at exactly the time when regulators, investors, and the public are asking tougher questions about trust. If you’re leading or participating in AI audits, here are the foundations you can’t afford to ignore: 📌 Define the Scope Clearly Don’t audit AI in the abstract. Focus on systems that shape financial reporting, compliance obligations, or customer outcomes. A fraud detection model or claims assessment tool deserves priority over a low-impact internal chatbot. 📌 Understand AI Evidence Types AI doesn’t always produce “traditional” evidence. You’ll need artifacts like training data lineage, system logs, model documentation, and bias test results. Decide up front what will count as valid audit evidence. 📌 Check Governance Structures Who owns AI risk in your organization? If no one can answer clearly, you’ve uncovered a governance gap. Look for oversight committees, a Chief AI Officer role, or designated control owners. 📌 Assess Data Integrity Models are only as reliable as their inputs. Confirm whether the data is authorized, accurate, and complete. Ask how often it is refreshed? How is quality measured? Who signs off? 📌 Review Model Transparency If management can’t explain why a model makes certain decisions, the risk is already high. Auditors should look for explainability tools, model cards, or other documentation that turns the “black box” into something testable. 📌 Evaluate Monitoring and Drift Detection Models age. They lose accuracy as real-world conditions shift. Look for monitoring dashboards, alert thresholds, and documented retraining cycles. 📌 Link AI to Business Objectives Every AI system should connect to measurable goals, cost savings, fraud reduction, and customer satisfaction. If the business case is weak, even a well-governed system may not justify the risk exposure. Auditors who master these foundations will protect their organizations from regulatory penalties, reputational damage, and costly AI failures. Those who don’t risk leaving critical blind spots unchecked. AI isn’t optional anymore. Neither is AI audit readiness. #AIAudit #AuditLeadership #AIControls #AIGovernance #ModelRisk #InternalAudit #GRC #AITrust #AuditCommunity #RiskManagement #CyberYard #CyberVerge