How to Run a Client Trust Account Self-Audit Before Your CTAPP Review: The 12-Point Checklist That Saves California Firms $10K-$25K in 2026
California's State Bar started mandatory CTAPP compliance reviews in late 2025, and the selected firms pay $10,000-$25,000 out of pocket for a State Bar-approved CPA to perform the review. A clean self-audit is the cheapest defense. Here is the exact 12-point checklist your firm should run before the CTAPP letter ever lands.
Published: 2026-04-28T12:17:12.090Z · Category: Compliance · 9 min read
Why This Matters Now
The State Bar of California’s Client Trust Account Protection Program (CTAPP) annual reporting deadline falls on March 30 each year. Since August 2025, the Bar has run mandatory compliance reviews of selected attorneys’ trust accounts. Selected firms must hire a State Bar-approved CPA at their own expense — and the typical cost runs $10,000 to $25,000, more if the books are messy.
Beyond the dollar cost, a CTAPP review can surface findings that escalate to the Office of Chief Trial Counsel. The cheapest defense is preventive: a real self-audit, documented monthly, that proves the firm already does what the Bar would check.
The 12-Point Self-Audit Checklist
1. Three-Way Reconciliation Performed Monthly
Bank statement balance, cleared/outstanding items, and the sum of every individual client ledger must all reconcile. Differences must be zero — not “small,” zero.
2. Designated Licensee Documented
The Designated Licensee must be on file with both the Bar and the financial institution, with documented signature authority and supervisory role.
3. Client Trust Listing Aged and Reviewed
Every client with a trust balance must be listed, aged, and reviewed monthly. No “Unidentified” or “Adjustments” line items — those are audit findings on day one.
4. No Negative Balances at the Client Level
One client’s funds may not cover another client’s matter, ever. A single negative client ledger is among the most common CTAPP findings.
5. All Earned Fees Transferred to Operating Within Reasonable Time
Earned fees sitting in trust commingle. Document the trigger and the timing for every operating transfer.
6. All Trust Disbursements Tied to a Matter
Every check, ACH, and wire out of trust must be traceable to a specific client matter and a specific authorization.
7. Bank-Issued IOLTA Account, Properly Titled
The account must be a Bar-eligible IOLTA, titled exactly as the Bar requires, with interest sweeping to the IOLTA program.
8. Account Reconciliation Reviewed and Signed by the Designated Licensee
A reconciliation that is performed but not reviewed and signed is incomplete. The reviewer must be the Designated Licensee or their direct supervisor.
9. No Cash Withdrawals Ever
ATM withdrawals, debit card use, or cash-back transactions on a trust account are per-se compliance failures.
10. Bank Notifications of Insufficient Funds Routed to the Bar
Under California rules, banks must notify the Bar of any overdraft on an attorney trust account. Confirm your bank has the correct notification setup on file.
11. Stale Balances Investigated and Resolved Quarterly
Trust balances older than 12–18 months without activity must be investigated. Unclaimed funds must be escheated under California’s unclaimed property law where applicable.
12. Documented Internal Control Procedures
A written policy describing who can deposit, withdraw, sign, and reconcile — kept current — is part of every CPA reviewer’s first request.
Why Generic Accounting Software Makes This Harder Than It Should Be
QuickBooks and other generic platforms can technically track trust balances, but they do not enforce client-level isolation, three-way reconciliation, or the audit trail the Bar expects. Most CTAPP findings we see at firms using generic accounting software fall into three categories: missing client-level ledger detail, no documented three-way reconciliation, and bank-feed reconciliation that quietly nets across clients.
| Capability | LawAccounting | Generic Accounting |
|---|---|---|
| Matter-level trust ledger | Native, per matter | Sub-account workaround |
| Three-way reconciliation | Built in, signed and stored | Manual spreadsheet |
| Stale-balance aging alerts | Automated | Not available |
| Designated Licensee workflow | Reviewer field, audit trail | Honor system |
| CTAPP-ready reports | One-click export | Custom build required |
The Monthly Cadence That Keeps Firms Out of Trouble
Days 1–3
Pull bank statements, reconcile cleared items, identify outstanding items.
Days 4–7
Run client-by-client trust ledger detail; investigate every variance over $0.
Days 8–10
Designated Licensee reviews, signs, and stores the three-way reconciliation packet.
Days 11–15
File the signed PDF in the firm’s compliance vault — your CTAPP audit response is now half-built.
The Three Findings That Trigger Escalation
Not every CTAPP finding goes to discipline. But three almost always do:
- Negative client ledger balances at any point in the audit period.
- Cash withdrawals or debit-card activity on the trust account.
- Failure to perform monthly three-way reconciliation.
Any one of these in a CTAPP review packet typically means the file leaves the CTAPP unit and lands with Chief Trial Counsel. Avoiding all three is a software question, not a willpower question.
- CTAPP compliance reviews cost firms $10K–$25K and the bill is on you, not the Bar — a clean self-audit is the cheapest defense.
- The 12-point checklist above mirrors what State Bar-approved CPAs actually look for; run it monthly and store the signed packet.
- Three findings — negative client balances, cash withdrawals, and missing three-way recon — almost always escalate to discipline.
- Legal-specific accounting software like LawAccounting enforces the controls that generic tools leave to manual discipline.
Ready to Make CTAPP a Non-Event?
See how LawAccounting’s three-way reconciliation, designated licensee workflow, and CTAPP-ready exports keep your firm audit-ready every month.
Schedule Your Demo