In the past few years, I have published several books and have had the opportunity to work with professional editors. I submitted my manuscripts with a bit of trepidation. I hoped they didn’t red-line my work and call me a hack! If they viciously cut out whole sections of my manuscript, I wouldn’t meet their expectations for 300 pages or earn my advance.

I was so relieved to find out that working with professional editors is a pleasure! What a professional editor realizes is that you cannot change someone’s style. I was hired to write a book called Accounting Demystified. McGraw-Hill chose me because I make complex ideas easy to understand and because my writing style is conversational and light. (They did not hire my UT accounting professor to write it—because the title would have to be changed to Accounting Made Really, Really Hard!)

The professional editors pointed out when things weren’t clear and when sentences were awkward and allowed me to fix it in my own way. They didn’t rewrite my sentences. They also didn’t bother to tell me about my punctuation errors; they just fixed them. I have always had a stubborn mental blockage about whether an apostrophe goes in “its” or not. They didn’t rub that in my face, they just fixed it. I thought that was very kind.

More importantly, they caught me at the front end and gave me feedback early on so that I didn’t waste my time. They sent me three examples of other authors’ detailed outlines and asked me to create something similar before I started writing. So before I invested another moment on the project, they asked me to cut two chapters and add another. Meaningful and timely feedback.

Here are two big tips for editing:

1. Put off writing full sentences for as long as you can
2. Relax your control freak nature—do not concern yourself with another writer’s style

Put off writing full sentences for as long as you can

Once you write a full sentence, you become married to it. You have spent time and effort choosing each word and arranging them intelligently. Woe be it to the jerk who puts a red pen to your masterpiece!

In my role as editor at an audit office, I have often found that whole paragraphs would disappear after I had come to a big picture understanding of the piece. Talk about PAIN. Whole families of sentences would get wiped out!

Eventually I figured out that I if I asked the team to submit an outline of their report or finding to me before they wrote full sentences, we minimized the pain considerably. No one cares much if you move a singlet of a sentence around or eliminate it and replace it with something else. There isn’t that much attachment to the outline—the staff is still flexible at this point.

So, to reiterate, get agreement from staff, supervisors, managers, directors, and the client at the outline stage before writing full sentences. Try it, you’ll like it!

Relax, you control freak you!

Who died and made you Stephen King? Who says your style of writing is better than anyone else’s? Ego, ego, ego!

Here is where I got my come-uppance: A virtual governmental accounting genius in our office had written a 30-page report and I was to edit it before it went to our directors. He was a Ph.D. in something incredibly boring and now works for the GASB. You get the picture?

So, I opened up his report and was immediately repulsed by his academic sounding prose. I felt like I was reading a very, very dry accounting textbook. “Arrgh!” I told a colleague, “This is going to demand quite a bit of rewrite.” See how snotty I was?

But then I went back and followed my own rules for editing—which I’ll go into more detail on next month—and first checked to see if he had a logically constructed argument for each of his conclusions.

I made a mini-outline of his argument by using a highlighter and making notes in the margin—and found that his argument was P.E.R.F.E.C.T. He was a genius! All the rumors were true.

I didn’t touch it much after that. I will admit to having to put my two cents in and so I changed a few of his more hoity-toity words to something less academic. A very short editing process for me and virtually painless for him. Looking back on it, I should have just left those two-cent words alone, too.

What would have happened if I had decided that I needed to change his style to mine? I’d probably still be working on that project AND he would have hated me forever. We would have battled like Rock’em Sock’em Robots!

So, in stronger, more direct terms—IF A SENTENCE IS FINE THE WAY IT IS, LEAVE IT THE HECK ALONE! (Hey, you control freaks out there, did you hear that? I say it with only love, your best interests, and hopes for world peace in my heart.)

So, next month, more on editing. We will discuss the three stages of editing and how editing in stages saves major time and frustration—on everyone’s part.

Hi Leita,

Thank you for the interesting article on the differences and commonalities between the yellow book and the red book. As you have highlighted, the yellow book has a different perspective and it definitely conflicts with our more consultative approach with management regarding our work.   From my point of view, the yellow book should be utilized by auditors in which their work will be relied upon by others such as federal agencies and/or auditors.  A prime example is the A-133 audit conducted by the Texas State Auditor’s Office.   I believe that the yellow book was meant for the State Auditor’s Office and not for the internal audit functions at the state agencies and higher education institutions.  In my opinion, the State Auditor’s Office is functioning like an external auditor.  It is interesting that the IIA standards are not even mentioned in their peer review report. http://www.sao.state.tx.us/audit/PeerReviewFY12.pdf

I have always wondered why the Texas Internal Auditing Act required us to follow both the yellow book and red book. Could you enlighten me on the reasoning behind including both IIA Standards and GAGAS in the Texas Internal Auditing Act?

I would definitely like to see the act to be amended to differentiate between the State Auditor’s Office and the internal audit functions across the state when it comes to meeting the yellow book and red book standards.  I realize this is not going to happen with all the other priorities occurring in Austin, but I can always dream. 

Hi Paul -

I agree.  And so does the author of the Act!  At the time, the author was working for the State Auditor’s Office and thought that following both made sense.  But now that he is an internal auditor himself, he is very unhappy with his choice.  Now he realizes only the red book should apply to internal auditors.  Notice I’m not mentioning any names. Wouldn’t want the rest of the internal audit committee to send a posse after him!

And the Internal Audit Act does not require the SAO to follow the red book.  Only the yellow book.  Yes, they do act like an external auditor.  But that seems appropriate, given the position they are in.  The GAO is the legislative auditor for the federal government and the SAO is the legislative auditor for the state of Texas.

I wonder how a change could be made?  Who starts that ball rolling?

Thanks for your response!

Leita,

I just read your abbreviated comparison between Yellow and Red.

I found your comparison insightful – thanks.

My current world is all Yellow; however, I have a question as to which color might apply to me in another life, strange huh?

I am a school board trustee – thus, where do school district internal audit shops fall in this whole color scheme?

Since school districts are funded through public tax dollars (local, state & federal)…are they governmental (Yellow)…subject to IAA of TX (Red)…or something entirely different?

Just wondering?

Hi!

Most internal audit shops prefer to follow IIA standards.  The GAO’s yellow book is written from an external audit perspective – so it has challenges for internal auditors that frustrate them.  So, if you have a choice, I recommend you go with the IIA’s red book.

Thanks for reading!

Hi Leita,

I don’t agree or disagree but I have a question.  I work for X County Auditor’s Office.  County Auditor is appointed by a committee made up by 8 district judges.  This is going to change, but meanwhile, County Auditor does not report to the County officials, such as Commissioners Court, County Judge, or County Administrator.  County Auditor is also Treasurer for the County, and she oversees Financial Accounting, Grants, Accounts Payable, Payroll, and Internal Audit.  Nothing seems to apply to us.  Anything related to financial statements, we have no independence whatsoever.  What do you suggest our most applicable guidance that be?    Thank you.

Are you looking to tell management that you do not agree with this assignment?  That it compromises your independence?

If so, I would consult the yellow book.  Here are a few quotes from the 2011 version that might be applicable: http://www.gao.gov/assets/590/587281.pdf

3.36 Whether an activity is a management responsibility depends on the facts and circumstances and auditors exercise professional judgment in identifying these activities. Examples of activities that are considered management responsibilities and would therefore impair independence if performed for an audited entity include:

a. setting policies and strategic direction for the audited entity;

b. directing and accepting responsibility for the actions of the audited entity’s employees in the performance of their routine, recurring activities;

c. having custody of an audited entity’s assets;

d. reporting to those charged with governance on behalf of management;

e. deciding which of the auditor’s or outside third party’s recommendations to implement;

f. accepting responsibility for the management of an audited entity’s project;

g. accepting responsibility for designing, implementing, or maintaining internal control;

h. providing services that are intended to be used as management’s primary basis for making decisions that are significant to the subject matter of the audit;

i. developing an audited entity’s performance measurement system when that system is material or significant to the subject matter of the audit; and

j. serving as a voting member of an audited entity’s management committee or board of directors.

3.49 If performed on behalf of an audited entity by the entity’s auditor, management responsibilities such as those listed in paragraph 3.36 would create management participation threats so significant that no safeguards could reduce them to an acceptable level. Consequently the auditor’s independence would be impaired with respect to that entity.

INTERNAL AUDITORS 3.31 Certain entities employ auditors to work for entity management. These auditors may be subject to administrative direction from persons involved in the entity management process. Such audit organizations are internal audit functions and are encouraged to use the Institute of Internal Auditors (IIA) International Standards for the Professional Practice of Internal Auditing in conjunction with GAGAS. In accordance with GAGAS, internal auditors who work under the direction of the audited entity’s management are considered independent for the purposes of reporting internally if the head of the audit organization meets all of the following criteria:

a. is accountable to the head or deputy head of the government entity or to those charged with governance;

b. reports the audit results both to the head or deputy head of the government entity and to those charged with governance;

c. is located organizationally outside the staff or line-management function of the unit under audit;

d. has access to those charged with governance; and

e. is sufficiently removed from political pressures to conduct audits and report findings, opinions, and conclusions objectively without fear of political reprisal.

It is not OK for an auditor to audit their own work or a department they are responsible for because they are not independent.

Last month, for the Institute of Internal Auditors chapter in Albuquerque, I compared the GAO’s 2011 version of Government Auditing Standards (the Yellow Book) to the IIA’s 2013 edition of the International Professional Practices Framework (the Red Book). It took two days to journey through both standards, and even at that, we only hit the highlights. The GAO’s 2011 version of the Yellow Book is 215 pages including the ridiculous independence flowchart in the back, while the IIA’s 2013 Red Book is 222 pages.

Before all of the knowledge I gleaned from studying and teaching the seminar went to the secret place where the second sock and esoteric knowledge abide, I jotted down a summary of what we discovered as we contrasted the two sets of standards.

Please excuse a few generalities so that I can keep this list as succinct as possible.

1. The GAO and the IIA start from different definitions of who auditors are and what auditors do. The GAO believes that auditors are better described as ‘accountability professionals’ who keep the greater good of the citizenry at heart as they perform their work. The GAO, then, naturally values transparency and holding government officials accountable for their decisions.  And, the GAO’s standards have a decidedly project-by-project focus. On the other hand, the IIA seeks to assess governance, risk, and controls to add value to the entities for and in which auditors work. The IIA does not encourage transparency and takes a wider, holistic, organization-wide view of auditors’ work and role.

2. The IIA’s Red Book asks audit shops to develop an internal audit charter that sets forth their agreement regarding the purpose and power of the internal audit shop. The GAO has no such requirement.

3. The GAO puts up many barriers to auditors being helpful to their audit clients. The GAO feels that performing non-audit (consulting) services compromises the auditor’s ability to objectively and independently provide assurance against their audit objectives. You cannot help make the baby (consult) and then later call that same baby (audit) ugly. In other words, the GAO does not allow you to help create the internal controls that you will later audit because you will lack the objectivity toward the controls you helped establish. But, the IIA actually encourages internal auditors to consult and be helpful and establishes ‘consulting’ standards to assist in that effort.

4. The GAO wants you to document your consideration of auditor and audit team independence using the ‘conceptual framework’ borrowed from the AICPA’s literature. The IIA is nowhere near as formal when it comes to assessing auditor independence and does not require project-by-project documentation.

5. The GAO requires that every three years the auditor’s quality control system, which includes six components, undergo an external peer review. The GAO’s description of the quality control system includes six components.  The IIA requires an external peer review every five years and leaves the structure of the quality control system largely up to the auditor’s judgment.

6. The IIA is much tougher than the GAO when it comes to bragging rights.   Under GAO standards, following every ‘must’ requirement allows you to claim your adherence to the standards once you kick off your first audit.  In contrast, the IIA requires an audit shop to undergo a peer review before claiming in their audit report that they are following Red Book standards. Under both standards, you must disclose when you do not follow a ‘should’ requirement. The GAO requires that you disclose the noncompliance in your audit report, but the IIA is not clear on how or to whom the noncompliance is disclosed.

7. The GAO talks about three types of assurance engagements: financial audits, attestation engagements, and performance audits. For financial audits and attestation engagements, the GAO incorporates AICPA guidance. The IIA simply discusses “assurance services” and does not group them into types or levels of assurance. The IIA also does not formally acknowledge or encourage the use of any other standard. Instead, the IIA talks about the nature of the auditor’s work: internal auditors are expected to focus their efforts on their entity’s governance, risk assessment, and controls.

8. The GAO asks that auditors use the results of prior audits that are relevant to their audit objective in planning the audit. Under Yellow Books standards, a formal follow-up process or statement is not required. Yet, the IIA requires you to follow up on prior audits.

9. The GAO focuses on one single engagement at a time and requires no development of an audit universe or an annual plan. But, the IIA asks chief audit executives to document all of their potential audit subjects and select the riskiest subjects for their annual audit plan.

10. The GAO wants you to design your audit to detect fraud and non-compliance. The IIA asks that you simply be aware of fraud and does not require auditors to perform procedures to uncover it.

11. The GAO asks that auditors write findings when they find fraud, internal control weaknesses, noncompliance, and abuse. The IIA calls reportable conditions ‘observations’ and does not formally recognize noncompliance or abuse as triggers of an observation.

12. When you answer the audit objective on a financial audit or an examination under Yellow Book standards, you opine. When you answer the objective on a performance audit under Yellow Book standards, you conclude. The IIA will let you use either word – you can opine or conclude when answering the objective.

13. The GAO requires auditors to get 80 hours of CPE every two years. The IIA encourages auditors to get CPE, but does not require a specific number of hours.

Is that everything? No. But isn’t that enough for anyone?

I suggest that you also look at the IIA’s guidance regarding the comparison of the GAO vs. IIA standards.

Good luck, my orange fellows. You have plenty to live up to!

If you have any comments, please write to me at Leita@yellowbook-cpe.com I’d love to hear from you regarding whether you agree or disagree with my summary.  I’d also like to know if you found it helpful.

A logically organized report is a gift to the reader. In this course, you will learn how to create meaningful, concise reports without all the headache. We will discuss ways to streamline your writing process as well as techniques for organizing your thoughts.

This 1.5-day class is beneficial for both new and experienced auditors.

New auditors learn how to use the elements of a finding to structure their message. Experienced auditors learn how to set clear expectations, quickly review audit reports, and coach staff to improve their writing. We will walk through each step of the report writing process and learn how to craft a clear message to fit the audience.

The class is centered on the five elements of a finding — as required by the GAO and the Single Audit Act and suggested by the Institute of Internal Auditors.

Topics include:

• Structure audit content in support of audit recommendations
• Create convincing, implementable and auditable recommendations
• Generate concise and logical findings in an hour or less
• Choose the strongest content for your finding
• Decide how much detail to share in the report
• Quantify findings
• Enhance the readability of your report
• Recognize dangerous tone and language
• Establish expectations and guidelines for creating a compelling finding
• Decide when to pursue the root cause
• Focusing the report conclusion on a finite, answerable objective

Program level: Intermediate

Instructional method: Group live instruction

Prerequisites: More than one year of audit experience

Who should attend: Auditors who write or review audit reports

Recommended CPE credit: 12 hours

I am a sharer, a disseminator,and a bug-like genetic slave to my professional function as a teacher and author.

Like bees, most auditors stick with their own kind. They stay in either the internal audit garden or the CPA firm garden, reluctant to work with other flowers.  But I work with anyone who says they are an auditor because I am a foolish capitalist.  I’m foolish because I don’t always succeed.  And I’m a capitalist because I’m motivated by my need to pay the rent.

Because of my capitalist tendency, I have worked with just about every type of audit team there is:  internal auditors in both Fortune 500 corporations and in government at federal, state, municipal, and county levels.  Plus I frequently work with CPA firms that contract as internal auditors,  inspector generals, legislative auditors, and folks who call themselves auditors but who are really monitors.

As nervous as I am flying to new flowers, I always find more similarities between flowers than differences.  An audit is an audit is an audit. The only differences between audits are the subject matter, the criteria, the level of assurance, and the standards that the auditors follow.  Otherwise, we all use similar methodologies to come to our conclusions and opinions.

What’s more is that I learn from every single interaction, and each makes me a better bee.

So what do I see as I flit from flower to flower?

A struggle with the risk assessment process.  Anyone claiming to have a perfect risk assessment process is full of it… and I’m not talking about honey!

Big corporations pay top consultants to show them the best risk assessment processes.  And being the stinker I am, I can always shoot holes in their processes.

These so-called ‘super methods’ don’t work in the field, or even in the classroom.  Some are burdensomely detailed, while others’ vagueness causes audit teams to roam aimlessly, working themselves into a frenzy.

This is, without a doubt, the most important step of the audit, and as a profession we still don’t have it right.  But, we can look to the AICPA who has the best available guidance for auditor risk assessment.

Reports give audit teams fits. That is, reports give auditors fits if they care about them.  Some audit teams think the audit report is the least significant part of their work. These folks pay their final product little mind.

But internal auditors, who seem to care more about their reports than CPA firms do, sometimes drive themselves and their teammates crazy. They spend as much time on the report as they do on the audit, passing it back and forth, tweaking it, crafting it…often for no more than incremental improvements.

All auditors could benefit from the guidance regarding reporting offered by the GAO’s Yellow Book.

The desire to reduce cycle time.  Salaried auditors are neither motivated by profit nor in a big hurry. They are most likely to have broad audit objectives, the ultimate cause of most long, drawn-out, never-ending audits.

Because CPA firms recognize that each project can generate a profit or a loss, these auditors move more speedily.

Regardless of bee type, all leadership prefers their audit teams to complete projects faster.  They might look to the GAO who best describes the parameters of an audit project.

True auditor independence is elusive. Internal auditors are employed by their audit victims, and CPA firms get hired and paid by theirs.  Some auditors actually report directly to their main audit victim, the Chief Financial Officer, who can squelch their results.

Of all auditors, legislative auditors have the best chance of being truly independent.  And staying out of politics may allow them to tell the truth without suffering painful consequences.

The GAO, who is the legislative auditor for the federal government, does the best job with the concept of independence in Chapter 3 of the Yellow Book.

Leadership matters.  Getting the technical aspects of an audit right is hard enough. But add to it a weak leader, and you might as instead study for some sort of professional certification, because your audits aren’t useful to anyone.  No amount of training or technical competence can overcome a leader who can’t articulate their wants and refuses to direct the team.

Of all the standards, the IIA standards best define the role of the audit executive.

Do you see what I see?  

If you could see what I see as I buzz around, you probably would say to yourself, “Oh, that looks familiar.  We have an issue with that, too.”

Being a worker bee is hard and lonely.  All professionals should have bee friends from other hives with whom they can share ideas, tools, and dilemmas.   

The IIA’s motto “Progress Through Sharing” encourages audit bees to open their little wings and fly.  And if you aren’t into sharing (maybe because you don’t want your competitors to get a leg up — CPAs, I’m talking to you!), attending conferences with like-minded bees can open your eyes to their latest struggles.

Belushi says in this video:

Click here to view the video on YouTube.

I’m a king bee baby, want you to be my queen.
Together we can make honey baby, the world has never seen.

Buzz, buzz! Baby.

Question:

Hi Leita,

X and I are preparing our brief for X about our Audit Reporting Class last week. (ROI for training dollars!) We are want to sell to him and our work leads that our standard audit report format could be improved.  We found ourselves with a question that we don’t know the answer to. Why do you/ should you include background in the report at all? And, how deep should the background information be?

We also reviewed my last (also my first) audit report. It was painful, but X was a real champ at giving me feedback (and he didn’t use red ink!) We both really enjoyed your class. We are bubbling with ideas and annoying the heck out of our colleagues.

Awaiting your wisdom as we attempt to communicate vertically, horizontally, laterally, and diagonally.

Response:

I am glad you guys enjoyed it!  And I am so glad you have a great sense of humor!

Background is designed to help give readers context.  Many of our key readers don’t need it at all because they are already acquainted with the subject matter.  For that reason, I think it should go in an appendix.  In a small box or space near the front of the report, you can pose the question, “Want to know more regarding the size, purpose, and funding source of this program?  See page X”

I would think the background would seek to answer a few key questions that could be posed as headers:

• What is the purpose of the program?
• What is the scope/size of the program?
• How is this program funded?
• What is changing about the program?  Any interesting threats/developments?
• Why did we choose this program for audit?
• Maybe… just maybe… the history of this program.  That is almost always guaranteed to bore a reader…
• Other info the reader should know…. Again, posed as a question.

I am just doing that off the top of my head, you realize. 

Let me know how the team takes it!

All the best!