A Kinder, Gentler Audit

original article by Lawrence de Berry

summarised by oystercove

Most organizations are staffed by intelligent, well-meaning individuals who are committed to seeing an organization succeed. So, how do internal auditors get these good people to embrace changes recommended in the audit report?

The success of audit reporting is largely determined by the attitude and approach taken by the internal auditor in carrying out his duties. When handled appropriately and with sufficient tact, the reporting process can be smooth. Five rules in particular can help auditors in achieving reporting effectiveness and also bring about positive organizational changes.

be kind whenever possible

Rule 1: Treat clients with respect

Even people who knowingly or deliberately commit wrongdoing deserve to be treated respectfully. They may be fighting personal demons and auditors should look look upon them with no less humanity than they should everyone else. Suspected fraudsters may still have extensive social network in the organization and the way auditors treat them could impact morale as well as the ability of the auditors to function effectively, even on routine assignments

Auditors who follow this first rule ensure that the client is well-prepared for the audit report. They share results with the clients during the course of the audit engagement, noting issues along the way. These could be control concerns or efficiency issues. Before issuing the report, these auditors already know if their client agrees with the findings and the possible ways to mitigate the control risks.

Rule 2: Give clients the benefit of the doubt

Just because an auditor disagrees with a client’s process, it should never be assumed that the client’s arrive at the process out of ignorance or incompetence. There may have been valid reasons for doing so. Auditors look at the processes as outsiders with limited time for individual engagements, whereas the clients perform their jobs on a daily basis. Internal auditors need to maintain humility, recognize their own fallibility and give clients the benefit of the doubt.

When proposing a change to the client’s process, a tactful approach, by engaging with and explaining to the client the potential merits and benefits to be gained from adopting the auditor’s recommendations, would be more constructive. Clients would be more receptive and buy-in from them to the proposed changes is more likely, if their inputs are solicited.

Rule 3: Pick your battles carefully

Audit comments fall generally into two broad categories: control-related and those related to effectiveness and efficiency, which can be further broken down to minor or serious. Serious control issues without mitigation in place must be reported, but auditors should ensure that the clients understand that the auditors had no choice. However, if the clients disagree, the auditors must handle the report with care. Often, resource constraints prevent clients from responding to control needs. In such a situation, the auditors should ensure that the management is aware of the deficiency and the risk associated with it. As controls cost money, management must decide whether they are prepared to do without the controls and accept the risk.

For significant efficiency or effectiveness issue, the internal auditor must obtain the buy-in from management on the recommended changes. Adopting an aggressive approach on effectiveness/efficiency issues may result in or two possible outcomes. In the first scenario, the auditor may accomplish nothing as the personnel doing the job daily possess more credibility.

In the second scenario, the auditor may be able to push his recommendations through, but it may come at the expense of deterioration in the relationship with the client, who may become hostile towards members of the audit department.

Rule 4: Accentuate the positive

Regardless of the results from the audit, auditors must always be able to communicate their findings and recommendations without using negative, confrontational or accusatory language. When having to report significant findings, such as on fraud, auditors can get their message across by being factual and avoiding editorial comments. Emotionally-charged and subjective language is ultimately counter-productive. Auditors should remain objective and keep their work on a professional plane. They must also give credit to their client for their positive achievement, rather than just discussing problems and weaknesses.

Rule 5: Be informative

To ensure that the clients read and understand audit reports, internal auditors must pay close attention to the content and structure of the reports. The issues should be developed fully and presented in a cogent manner. Audit reports should contain the following elements:

  • Criteria – rules, principles or guides that lead the auditor to the existence of a potential problem
  • Condition – what’s being done (client’s process), focusing only on the facts. The description should be communicated clearly, without judgmental language
  • Cause – helps explain any deviations from criteria and reasons why the deviations exist
  • Effect – answers the question ‘so what?’ That is, what are the potential consequences of the condition? Without a cogent effect, the auditor has not established that a problem exists and does not have a valid audit comment
  • Recommendation – describes the actions for management to consider. The internal auditor’s job is not only to throw rocks but to find solutions to the condition, or an approach to finding a solution, to which all parties are willing to commit and follow.

Agents of positive change

Auditors must remember that they are part of an organizational team. They should approach each engagement with a cooperative mindset and continually seek ways to help other employees and make their jobs easier. To obtain optimal results, auditors must conduct themselves in a way that encourages clients to see them as a trusted counsellor.



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: