Workpaper sign-off chain — 5 stages, ordered, immutable
Per ISA 220 + ISA 230, every workpaper must be reviewed in a defined chain. AuditPro enforces 5 stages: Preparer → Reviewer → Manager → Partner → EQCR. Each stage unlocks only when the prior is signed. After EQCR signs, the workpaper is locked.
The chain visualised
Step-by-step
Preparer signs
The staff/senior who performed the workpaper procedures clicks Sign as preparer. Status: draft → preparer_done. Stamps: name, role, timestamp, IP. Optional comment.
Reviewer signs
Senior reviews the work. If issues, raises a review point — preparer responds, reviewer clears. Once happy, clicks Sign as reviewer. Status: preparer_done → reviewer_done.
Manager signs
Audit manager reviews focus on conclusions, materiality, audit risk. Same review-point loop available. Clicks Sign as manager. Status: reviewer_done → manager_done.
Partner signs
Engagement partner does the final review, focuses on whether the conclusion supports the opinion. Clicks Sign as partner. Status: manager_done → partner_done.
EQCR signs (if required)
EQCR is mandatory for listed entities + high-risk engagements (ISA 220.A52). Independent of the engagement team. Click Sign as EQCR → status partner_done → eqcr_done. Workpaper instantly locks — no further edits.
Locked state
All form fields disabled. Procedures, lead schedule, conclusions all read-only. The lock icon shows on the workpaper card. Sign-off ribbon shows green ✓ on all 5 stages.
Sign-off ribbon UI
All 5 sign-offs complete · Locked 12 Apr 2026 14:32
Review points
At each review stage, the reviewer can raise review points — questions, requests for more evidence, challenges. Review points block sign-off until cleared:
- Raise: reviewer types question in the review-point form, severity (info / minor / major), assigns to preparer.
- Respond: preparer writes resolution, attaches additional evidence if needed, marks "responded".
- Clear: reviewer reviews response, ticks "cleared". Status pill turns green.
- History: all review points + responses preserved on the workpaper. Visible to all reviewers up the chain.
Unlock procedure (rare, audited)
Sometimes a partner needs to amend a locked workpaper (e.g. subsequent event identified after EQCR sign-off). Unlock requires:
- Partner-level role +
m19.unlockpermission - Written reason — minimum 50 characters
- Audit-log entry with timestamp, user, reason, prior sign-off chain snapshot
- All sign-offs revoked but preserved in history (revoked-not-deleted)
- Workpaper re-enters draft; full re-sign-off required to lock again
On a workpaper where you signed as preparer, log out and log back in as a senior. Open the workpaper → click Sign as reviewer. Notice the manager / partner buttons are still disabled — they only enable after reviewer signs. The chain is enforced at the service layer, not just the UI.
Don't sign on behalf of someone else. The signature stamps the logged-in user's identity. If a senior asks the staff to "click sign as reviewer for me", that's a regulatory red flag — and the audit log will show it. Each role signs from their own login.
Aim for < 5 open review points per workpaper at any time. More than that means review is happening too late. The workpaper hub shows open RP count per workpaper as a red badge — keep it low to keep momentum.
What's next
All 12 workpapers signed through 5 stages. Sign-off chain locked. The partner now runs the audit-completion check — does this engagement meet every regulatory requirement before issuing the report? Phase 11 covers the readiness gate.