The Complete Guide to Trust Account Audits: What Triggers One, What Happens, and How to Survive It

Introduction: The Audit You Don't See Coming

Most attorneys think of trust account audits the way they think of IRS audits -- something that happens to other people. The assumption is that if you are not stealing from clients, you have nothing to worry about. That assumption is dangerously wrong.

Trust account audits are triggered by a range of events, many of which have nothing to do with intentional misconduct. An overdraft caused by a bank processing delay. A client complaint about slow disbursement. A random selection in a state that conducts proactive audits. And increasingly, a regulatory mandate like California's CTAPP program, which subjects every attorney who holds client funds to the possibility of a CPA audit at any time.

When an audit does arrive, the attorney who has been "getting by" with informal processes, incomplete records, and infrequent reconciliation discovers that the bar's standards are far more exacting than their own. The audit reveals not misappropriation but disorganization -- missing records, unreconciled accounts, stale outstanding items, residual balances on closed matters -- and disorganization, in the context of trust accounts, is itself a disciplinary offense.

This guide covers everything you need to know about trust account audits: what triggers them, what auditors examine, what happens if you fail, and how to build the kind of audit-ready practice that turns a potential crisis into a non-event.

What Triggers a Trust Account Audit

Trust account audits are initiated through several distinct mechanisms, and understanding which ones apply to your jurisdiction is essential for managing your risk.

• •Overdraft notifications are the single most common audit trigger. In virtually every state, banks that hold IOLTA accounts are required to notify the state bar -- or the designated disciplinary authority -- whenever the trust account is overdrawn or a check is dishonored. An overdraft notification does not automatically lead to a formal audit, but it does create a record with the bar and may trigger a preliminary inquiry or a request for records. For attorneys who have never received such a notice, it is worth understanding that even a minor overdraft -- caused by a timing issue, a bank error, or a simple miscalculation -- generates a notification to the bar.
• •Client complaints are the second most common trigger. When a client complains to the bar about delayed disbursement, unexplained deductions from a settlement, or a perceived shortfall in their recovery, the bar will typically examine the trust account records related to that matter. If the initial review reveals broader issues -- incomplete records, unreconciled accounts, multiple matters with similar problems -- the scope of the inquiry expands.
• •Random audits are becoming increasingly common. New Jersey has conducted random trust account audits through the Office of Attorney Ethics for decades. California launched CTAPP in late 2025, requiring annual certification and subjecting attorneys to random CPA audits. North Carolina recently launched its own random audit program. The ABA has encouraged other states to follow suit. If you practice in a state with random audits, you can be selected at any time, without cause.
• •Referrals from other proceedings can also trigger audits. If an attorney is the subject of a malpractice claim, a fee dispute, or any other proceeding that touches on financial matters, the bar may initiate a trust account review as part of a broader investigation.

What Trust Account Auditors Look For

Understanding what auditors examine allows you to assess your own readiness -- and to prioritize the areas where deficiencies are most likely to be found.

• •Three-way reconciliation records are the first thing auditors request. Auditors want to see that for every month of the audit period, you have documented reconciliation showing that your bank statement balance, trust ledger balance, and sum of client sub-ledger balances all agree. If you cannot produce this documentation, the audit has already found a deficiency -- regardless of whether your underlying balances are correct.
• •Individual client ledgers are examined to verify that every dollar in the trust account is attributed to a specific client or matter. Auditors will select a sample of client ledgers and trace transactions from receipt through disbursement, verifying that each entry is documented, accurate, and properly coded. Gaps in client ledgers -- transactions without matter references, unexplained balances, or ledgers that do not reconcile to the client's file -- are red flags.
• •Disbursement documentation is reviewed for completeness and accuracy. For each disbursement in the sample, auditors verify that there is a documented basis for the payment (settlement statement, invoice, fee agreement), that the amount is correct, that the payee is correct, and that the transaction was recorded contemporaneously. Settlement disbursement statements -- the document that shows the client how their settlement was allocated -- are a particular focus for PI firms.
• •Bank statements and cancelled checks are compared to the firm's internal records. Auditors look for discrepancies: transactions that appear on the bank statement but not in the trust ledger, checks that cleared for different amounts than recorded, deposits that cannot be attributed to a specific client, and any evidence of unauthorized transactions.
• •Outstanding items are scrutinized. Checks that have been outstanding for more than 90 days, deposits in transit that never arrived, and stale-dated items all draw attention. Outstanding items suggest either that a payee did not receive payment (a potential disbursement failure) or that the firm has not been monitoring its trust account activity closely enough.
• •Residual balances on closed matters are a particularly common finding. When a matter is closed but a small balance remains in the trust account -- because a check was not cashed, a calculation was slightly off, or the firm simply forgot to disburse the remaining funds -- the auditor will ask why. Residual balances are client funds that should have been returned. Their accumulation suggests systemic inattention to trust account management.

The CTAPP Audit: What California Attorneys Need to Know

California's Client Trust Account Protection Program represents the most significant change in trust account oversight in a generation. Launched in late 2025, CTAPP requires every California attorney who maintains a client trust account to certify their trust account practices annually on their State Bar profile. Attorneys who do not certify, or whose certifications indicate potential deficiencies, may be selected for a CPA audit.

The CPA audits under CTAPP are comprehensive. A licensed CPA examines the attorney's trust account records for a designated audit period, verifying compliance with California's trust account rules. The audit covers reconciliation practices, recordkeeping, disbursement procedures, and overall trust account management.

Early data from CTAPP's initial audits has been sobering. Among firms audited in the first wave, 83% had noncompliant trust account journals and 89% had noncompliant client ledgers. These are not firms that were stealing from clients -- they are firms that were not maintaining the documentation required by California's rules. The noncompliance rates suggest that the traditional compliance model -- relying on attorney self-regulation without proactive verification -- has allowed widespread deficiencies to persist.

The cost of a CTAPP CPA audit ranges from $5,000 to $15,000, depending on the complexity of the trust account and the volume of transactions. The attorney bears this cost. For firms that are not audit-ready, the financial impact extends beyond the CPA fees -- there is the staff time required to gather and organize records for the auditor, the potential need for outside accounting or ethics counsel, and the cost of remediation if deficiencies are found.

California attorneys should treat CTAPP as an immediate call to action. If your trust account records are not audit-ready today, they need to be before your next annual certification. The firms that invest in compliance infrastructure now -- proper reconciliation systems, complete documentation, purpose-built trust accounting tools -- will pass their CTAPP audits without incident. The firms that do not will face an increasingly uncomfortable reckoning.

What Happens If You Fail a Trust Account Audit

The consequences of audit deficiencies vary based on severity, but the range of outcomes is wide enough to warrant taking every audit seriously.

• •Minor recordkeeping deficiencies -- gaps in reconciliation documentation, incomplete client ledgers, missing transaction records -- where there is no indication of missing funds typically result in a requirement to remediate. The attorney may be required to bring records into compliance within a specified timeframe, complete a trust account management CLE course, and in some cases submit to a follow-up audit to verify remediation.
• •Patterns of noncompliance -- repeated reconciliation failures, systematic recordkeeping deficiencies, or evidence that the attorney has not been performing required oversight of the trust account -- elevate the matter into formal disciplinary territory. Outcomes may include private admonishment, public reprimand, or in serious cases, suspension of the attorney's license pending remediation.
• •Evidence of missing funds is treated with extreme seriousness. If the audit reveals that the trust account contains less than the sum of client ledger balances -- meaning some client's money is not there -- the matter is treated as potential misappropriation. Even if the attorney can demonstrate that the shortfall resulted from an error rather than intentional misconduct, the burden of proof shifts to the attorney to explain where the funds went. In jurisdictions where misappropriation triggers a presumption of disbarment, even an innocent explanation may not be sufficient.
• •The reputational consequences are often the most damaging. Bar disciplinary actions related to trust accounts are typically a matter of public record. A public reprimand or suspension for trust account deficiencies can damage client relationships, make it difficult to obtain or retain malpractice insurance, and permanently affect the attorney's professional standing. For law firm partners, a trust account disciplinary action can undermine the firm's relationship with banking institutions and referral sources.

How to Prepare for a Trust Account Audit

Audit preparation should not be a reactive exercise -- it should be the natural output of your ongoing trust account management practices. If your systems are working correctly, you should be audit-ready at all times.

• •Maintain monthly three-way reconciliation documentation. This is the single most important thing you can do. Every month, reconcile your bank statement, trust ledger, and client sub-ledger balances. Document the reconciliation in a standard format. Save the supporting bank statements, ledger reports, and any notes about discrepancies and resolutions. If an auditor knocks on your door, this documentation is what they will ask for first.
• •Keep complete client ledgers for every active and recently closed matter. Each client ledger should show every receipt and disbursement, with dates, amounts, payees or payors, and matter references. The sum of all client ledger balances should match your trust ledger balance at all times.
• •Document every disbursement with a settlement statement or other basis. For PI firms, the settlement statement -- showing how the gross settlement was allocated among the attorney, client, and third parties -- is the foundational disbursement document. Keep a copy in the client file and in your trust account records.
• •Resolve outstanding items promptly. Do not allow checks to sit outstanding for months. Follow up on uncashed checks within 30 days. Investigate and resolve any discrepancies immediately.
• •Address residual balances on closed matters. Run a report of all matters with trust account balances where the matter has been closed for more than 60 days. Each residual balance needs a resolution -- return to client, escheat to the state, or documentation of why the balance is being held.
• •Use technology that maintains the audit trail automatically. Manual processes require disciplined humans to document every step. Purpose-built trust accounting platforms create the audit trail as a byproduct of normal operations -- every transaction, approval, and reconciliation is recorded automatically.

The Audit-Ready Firm: What Best-in-Class Looks Like

The firms that handle trust account audits as routine administrative events -- rather than existential threats -- share several characteristics. They reconcile monthly without exception, treating it as a deadline equivalent to a court filing. They maintain real-time visibility into their trust account, not just month-end snapshots. They have written trust account procedures that every team member follows. They use purpose-built technology that automates the most error-prone elements of trust account management. And they assign explicit responsibility for compliance to a named individual -- it is someone's job, not everyone's afterthought.

These firms do not pass audits because they are lucky. They pass audits because their systems produce the documentation that auditors require as a natural output of daily operations. The audit is not a test they have to study for -- it is a review of records they have already been maintaining.