In this episode of THE SAMPLE, Leita Hart-Fanta, CPA warns auditors of behaviors that can blot out the credibility of audits.
Welcome to The Sample, a quick discussion of auditing concepts and terms that will help you do your work. Conducting an audit in accordance with auditing standards is no small feat and I want to support you. We’ll be referring to the GAO, IIA and AICPA literature to bolster our conversations. Let’s get started.
In this episode, we discuss how to blot out the credibility of your audits. Okay. You obviously don’t want to do that. That was a pretty facetious statement there, because our credibility is all we’ve got.
Like, you go to a program manager in government and you say, “How’s it going?” They’re going to say, “Great, please move on.” Right? So you can’t actually ask the people running the operation, running the program, how things are. So that’s what we do. We come in and evaluate how things are, because they’re not objective. We are. And we must always maintain our credibility, so people will believe our results.
So let’s talk about these six ways that I see auditors damaging their credibility.
First of all, I see auditors exaggerating and making stuff up. Every statement that we make in our audit report has to be tied to evidence and not be an exaggeration. Take a minute just to read through these five options of how to say the same sample results or testing results, and think about which one of these is the most honest or which few of these are the most honest. Okay. If you need more time, of course you can pause the video.
So our sample was six out of 30 payments. This number two is pretty honest. Six out of 30 payments were not approved. That’s okay. We put a percentage. Number one also has a percentage, but that’s a lie. You cannot take the small sample size and extrapolate it to the entire population and say 20% of all payments are not approved. So number one is an exaggeration. Number two is accurate, a little bland.
Number three and four are accurate and add some more detail. So those are fine. Number five, again is a lie. The first sentence is not a lie, but when we took that 20% and we applied it to the 2.2 million and we got this massive number of payments that were not approved, there we have exaggerated. Don’t do that. All of these statements in two, three, and four, we can tie to a working paper and a test. That’s our happy spot.
#2 Shaming the auditee
Another thing you don’t want to do is shame the auditee. That sentence right there is mean because it uses the word weak and it’s vague. And usually mean words are attached to vague words. This is going to make the client unhappy, and they’re not going to know why they’re unhappy, maybe. And it’s because you’ve called them weak. You’ve called their work week. And this just says nothing. Internal controls over cash. What are you talking about? This second way of addressing this is a little better. Then at least the second sentence tells us what’s really going on, but we’re still shaming the client by using the word weak. Why don’t you just stick with the third sentence, the third solution here, and just say what’s so?
That way you don’t have to use mean words, such as weak, poor, inadequate failure, insufficient, lacking, loser. You’re terrible. I can’t believe you have a job. Okay. Don’t do that to people. And usually these words are attached to these vague words and I could shift, I could take this lacking internal controls, lacking supervision, lacking documentation. I can apply these mean words to these vague words all day long. And I see it a lot in audit reports. You can’t tie that to evidence and you’re being mean. Don’t go there. Don’t shame the client.
#3 Making the subject matter
Another thing we do that messes with the credibility of audits is making the baby. So independence is an extremely important quality of an auditor. If we aren’t viewed as independent and impartial, then we’re not worth paying at all. There’s just no point in us existing because they could just go to the program people and ask them the same question and hear a lie back, right? Or a fib or a white lie back, right? So we’ve got to sure that we stay clear of the subject matter, and we don’t get involved in managing the subject matter in some way or creating the subject matter.
On the left hand side is a diagram of a true blue audit. It’s not perfect, but you’ve got the auditor evaluating the auditee and reporting back to a governing body. On the right hand side, you’ve got the auditor, which we’re now going to change to the word consultant, working with the client. Here’s where I’m going to get crude.
On the right hand side, we’re making a baby, and on the left hand side, we’re being asked to tell whether the baby is ugly or not. If we are actually making the baby, we have lost our objectivity and cannot say whether the baby is ugly or not. Because now we’re in love with the baby. Try not to make babies. People won’t believe us. They’ll go, “But you made that baby.”
#4 Softening results to save our hides
Another thing we do is soften results due to politics or fear of being too direct. There’s lots of reasons I see auditors making very vague recommendations. That will have long-term negative consequences on you, the auditor, because it’ll be hard to follow up on your own recommendations and things won’t get changed. The more specific you can be, the better. As we travel down this list, I’m getting more and more specific with this recommendation. The first one here, number one – we recommend you implement additional controls – that says nothing. We don’t know who’s going to do it on their end. And we don’t know what control we’re talking about.
With number two, we’re doing a little better in that we name management, but that’s not really that much better because there’s probably a hundred managers at an organization. And then we actually throw in this really, soft word here: consider. So to follow up on this, we’d come back and we’d say, “Did you consider implementing additional controls?” And they’re like, “No, we didn’t feel like it.” And then we have to keep having that conversation with them next year to get them to fix it.
This is impossible to audit. Number three is very vague. This (#4) is getting a little bit better, because we’re actually saying what control we want in place (cash reconciliations). This one (#5) is even better. We’re naming someone, not just vague management, but a clerk. And down here (#6), we’ve named two people, and we’re saying exactly what we want to get done. Write your recommendations so that you can follow up on them, and so that everybody’s clear on who’s doing it, and what you and the auditee agreed should be done about the situation.
#5 Auditing something stupid
Another thing that can ruin the credibility of audits is auditing something stupid. Audit failure is consuming time reporting on something silly that no one cares about. One of my first assignments was ridiculously stupid. I traveled around the state of Texas looking at state-issued furniture. What?! I was looking at inventory tags to make sure that the records that they kept on where the desk was was accurate. I was in one small entity, a court in El Paso. A woman who was small and a guy who was kind of tall switched desks with each other, and that meant that the records were not accurate.
I had to write a finding. I sat in front of a judge who’d been on the bench for 30 something years, and told him I was going to report him to the legislature for swapping desks because his records were not accurate. And I was mortified and he was disgusted. This is a credibility killer.
He’s like, “Really? You traveled all the way out here to tell me that? Come on.” Right? Instead I should have been looking at whether the children are being educated, the elderly are being cared for, our bridges are safe. These are important things that those same resources I used to check the desk could have been used to ask these more important questions. Work on important stuff, not petty stuff, please.
#6 Failing your peer review
Failing your peer review. Peer reviews are the way that our profession makes sure that we are following standards. These are quotes out of the Yellow Book. Again, it says we must establish and maintain a system of quality control that is designed to provide the audit organization with assurance that we’re complying with professional standards. And every three years, someone from outside of our organization comes in and checks.
This is under Yellow Book standards (IIA is five years). Every three years come in and check that we are following standards. The peer reviewer is not gonna pull any punches, I’m afraid. You know how I was talking about being shamed earlier? They are going to shame you, because they’re either going to say you pass the peer review, you pass with deficiencies (which is not a nice word at all), or they’re going to fail you. This will not look good to your auditee. They’ll go like, “Oh, you’re expecting us to have our act together, but you don’t have your act together. You’re not credible.”
6 Killers of the credibility of audits
So those are the six main credibility fo audit killers that I see: exaggerating and making stuff up, shaming the auditee, making the baby (ruining our independence), softening our results due to politics, auditing something stupid, and failing your peer review. Keep that credibility intact, guys. That’s what we’re all about.
Would you like to learn a little bit more about the credibility of audits and earn some CPE at the same time? To delve into each of those credibility killers in more detail, I recommend the Virtual Audit Bootcamp, which I offer about three times a year. I look forward to seeing you there.
That wraps it up for another episode of The Sample. True to the nature of a sample, we didn’t talk about everything, so you’ve probably got questions. Write to me firstname.lastname@example.org and I’ll do my best to fill in the blanks. Thanks for playing.
For More Info: