California’s Client Trust Account Protection Program (CTAPP) represents a significant shift in how the State Bar oversees client trust accounting. A CTAPP compliance review is an agreed-upon procedures engagement performed by a State Bar–approved CPA firm. While annual CTAPP reporting applies broadly to most practicing attorneys, a smaller group is selected each year for review by an approved CPA firm. Because the program is still relatively new, many attorneys and law firm administrators are unsure what a compliance review actually involves, how the process unfolds, and what preparation is required. For some firms, the uncertainty around the process can create more disruption than the review itself. The reality is that CTAPP compliance reviews are structured, consistent, and highly procedural. Firms that understand how the process works tend to navigate it more efficiently, while those approaching it for the first time often find themselves reacting in real time. As part of our Five Points series, here are five aspects of the CTAPP compliance review process that every California attorney should understand.
1. Selection Is Structured, Not Purely Random
CTAPP compliance reviews are often described as random selections. While there is an element of rotation, the process is more structured than it appears. The State Bar is working to establish consistent oversight across the population of attorneys who maintain client trust accounts, which means selection should be viewed as an expected event over time rather than an unlikely occurrence. For firms, this has an important implication. Treating CTAPP as something that may or may not happen can lead to a reactive posture. Treating it as inevitable encourages firms to build processes and documentation practices that align with the review requirements well in advance. In practice, firms that assume they will be selected at some point tend to experience far less disruption when that selection occurs.
2. The CTAPP Compliance Review Is an Agreed-Upon Procedures Engagement
A CTAPP compliance review is not an audit and does not provide an opinion or assurance. Instead, it is an agreed-upon procedures engagement, meaning the CPA firm performs a defined set of procedures established by the State Bar and reports factual findings based on those procedures. This distinction is critical. The CPA firm is not evaluating overall compliance or issuing a conclusion on whether a firm is “in compliance.” Rather, the engagement focuses on documenting whether specific elements of trust account activity align with the State Bar’s requirements. For attorneys and administrators, understanding this structure helps clarify expectations. The outcome is not a pass-fail determination, but a structured report of findings that the State Bar uses as part of its broader oversight process.
3. Documentation Drives the Entire Process
While CTAPP reviews involve procedures and testing, the engagement is fundamentally driven by documentation. The CPA firm relies on records provided by the firm to perform required procedures and evaluate trust account activity over the review period.
This includes, among other items:
- client trust ledgers
- bank statements
- three-way reconciliations
- trust account journals
- supporting documentation such as fee agreements and settlement statements
Firms with complete, consistent, and well-organized documentation tend to move through the process more efficiently. In contrast, firms with gaps in documentation often experience multiple follow-up requests, extended timelines, and increased internal effort to reconstruct missing information.
The difference is not in the procedures themselves, but in how prepared the firm is to support those procedures with clear, accessible records.
4. The CTAPP Compliance Review Process Is Sequential
Once selected, the CTAPP compliance review follows a structured sequence. While each engagement may vary slightly, the overall process typically includes:
- notification from the State Bar
- an initial request for foundational records
- selection of a State Bar–approved CPA firm
- a secondary request for more detailed documentation
- fieldwork and execution of required procedures
- submission of findings to the State Bar
Each phase builds on the prior one. Early delays, incomplete responses, or inconsistencies in documentation can create downstream challenges as the engagement progresses.
From an operational standpoint, this means that responsiveness and organization early in the process often determine how smoothly the overall review unfolds. Firms that approach the engagement with a clear internal owner and a structured response process tend to experience fewer disruptions.
5. Findings Are Reported Directly to the State Bar
One of the defining features of the CTAPP compliance review process is that findings are reported directly to the State Bar for restricted use. The CPA firm does not provide interpretation, advocacy, or conclusions on behalf of the firm. This structure reinforces the importance of accuracy and clarity in the information provided throughout the engagement. The report reflects the results of the procedures performed and becomes part of the State Bar’s oversight framework. For firms, this underscores a key point. The goal of the review is not to “perform well” in a traditional sense, but to ensure that trust account activity is properly recorded, documented, and aligned with established requirements.
Conclusion
CTAPP compliance reviews represent a meaningful evolution in the State Bar’s approach to oversight of client trust accounts. While the process itself is defined and consistent, the experience for each firm varies significantly based on preparation, documentation, and internal coordination. Firms that understand the structure of the engagement—and prepare accordingly—are better positioned to navigate the process efficiently and with minimal disruption to their operations. As the program continues to mature, the distinction between reactive and prepared firms will become more pronounced.
How CPAClub Can Help
CPAClub is a State Bar–approved CPA firm delivering CTAPP compliance reviews for California attorneys. We bring a structured approach aligned with required procedures to help firms navigate the process efficiently while minimizing disruption to billable work. If your firm has been selected for a CTAPP compliance review or is looking to prepare in advance, we encourage you to connect with our team or learn more here.
