Skip to content
Documentation

CPA Audit Access

Set up external audits in Caydem — create engagements, manage PBC lists, upload documents, configure sampling, and grant auditor portal access.

When external auditors arrive, Caydem is ready. The CPA Audit Access feature gives auditors a dedicated, scoped portal with exactly what they need — engagement details, a request list, supporting documents, and transaction samples — without exposing your entire accounting system. This guide covers engagements, PBC lists, document upload, sampling, and portal access.

How audit access works

Audit access is built around an engagement: a defined piece of audit work, scoped to specific periods and entities, with a specific audit team. Auditors interact with your books through a read-scoped portal tied to that engagement. They can see what the engagement grants and nothing more.

This keeps the audit efficient for the CPA and safe for you — there is a clear boundary around what the audit team can access.

Creating an engagement

An engagement defines the audit and who is performing it.

  1. Create a new engagement and give it a name (for example, “FY2025 Financial Statement Audit”).
  2. Define the scope — the periods and entities under review.
  3. Add the audit team — invite the external auditors who will work the engagement. They receive scoped access through the portal.
  4. Set the engagement timeline and status so everyone knows where things stand.

Once created, the engagement becomes the container for the PBC list, uploaded documents, samples, and the auditor’s access.

PBC lists

The PBC list — Prepared By Client — is the list of items the auditors request from you. Caydem manages it directly inside the engagement so nothing falls through the cracks.

  • Track every request — each PBC item has a description and a status, from open to fulfilled.
  • Attach evidence to the request — upload the requested document directly onto the PBC item, so the request and its fulfillment stay together.
  • Shared visibility — both your team and the audit team see the same list and its status, which eliminates the usual back-and-forth about what has and hasn’t been provided.

Working the PBC list to completion is the core of preparing for the audit. Caydem turns it from a scattered email thread into a single, trackable checklist.

Uploading documents

Auditors need supporting documentation, and Caydem keeps it organized within the engagement.

  • Upload documents against a PBC item to fulfill a specific request.
  • Documents already attached to transactions during normal bookkeeping are available as evidence, so much of what auditors ask for may already be in the system.
  • Uploaded files are scoped to the engagement, so the audit team sees the relevant documents without browsing your entire document store.

Because attachments live with the transactions and requests they support, the supporting evidence is always one click from the item it backs up.

Configuring sampling

Auditors test populations of transactions by examining a sample. Caydem lets you configure and pull samples in a reproducible way.

  • Define the population — the set of transactions to sample from, scoped by account, period, or other criteria.
  • Set the sampling parameters — the selection method and sample size appropriate for the test.
  • Pull a reproducible sample — the selection criteria are recorded, so the sample can be relied upon and re-explained later.

Reproducibility matters: an auditor needs to know exactly how a sample was selected. Caydem captures the criteria alongside the sample so the methodology is transparent.

Period sign-offs as evidence

The Period Close sign-offs you captured during the year are part of the audit story. They show who reviewed each period and when, demonstrating that your close controls operated as intended. Caydem surfaces these sign-offs to the engagement so auditors can verify that controls were followed, not just that the numbers add up.

Auditor portal access

External auditors access the engagement through a dedicated portal:

  • Scoped, read-oriented access — auditors see the periods, entities, documents, PBC items, and samples the engagement grants, and not the rest of your system.
  • Identity through Mission Control — on the Cloud and Mission Control tiers, auditor access is managed via Mission Control identity, so it is granted and revoked cleanly.
  • Revocable — when the engagement ends, access is removed. The audit team does not retain a standing key to your books.

This model gives auditors genuine, useful access while keeping you firmly in control of the boundary.

A typical audit, end to end

  1. Create the engagement and define its scope.
  2. Invite the audit team to the portal.
  3. Build and work the PBC list, attaching documents as items are fulfilled.
  4. Configure and pull samples for the auditors’ tests.
  5. Let auditors review period sign-offs and supporting evidence.
  6. Close out and revoke access when the engagement is complete.

Next steps

  • Ensure your periods are properly closed and signed off in Period Close.
  • Confirm supporting documents are attached during normal posting — see Journals & Entries.
Back to all documentation