Whenever the auditee endeavors to control the auditor’s work, an auditor’s independence and objectivity is threatened. The GAO gives this threat a name: The undue influence threat.
Now whether the auditor recognizes the threat is another matter!
Once I was teaching a huge crowd of CPAs in a San Francisco and one asked, “Is it OK for the client to both select and pull our sample?” Gasps echoed throughout the ballroom and, voilà, he had his answer.
“No, Sir.” I emphasized, “It is not OK for the auditee to control what you are auditing. You need to decide what to sample for yourself.”
Here is another example of an undue influence threat
A CPA in public practice agreed to keep audit costs low by allowing the comptroller to provide key accounting data in excel spreadsheets. This way the auditor wouldn’t have to bill for extracting the data from the accounting system and manipulating it themself.
After a few years of doing this, the comptroller decided that she would save the organization even more money by selecting and pulling a sample of transactions for the auditor.
The comptroller complained vehemently to the CEO when the auditor refused to use her data and instead insisted on choosing his own sample. The CEO told the auditor he was disrespecting the comptroller’s time and effort and, in order to appease the CEO and the comptroller, the auditor agreed to use the comptroller’s sample.
Why do we have to maintain control of our work?
The auditee is not objective about their own work and may decide to not share the truth about what they are doing… or not doing! If the auditee both selects and pulls the sample, they could skew your audit results.
We auditors are hired to provide the governing body with objective, factual information. Thus, we can’t allow our evidence to be corrupted by the auditee.
The definition of an undue influence threat
GAGAS 2021 3.30 e. Undue influence threat: The threat that influences or pressures from sources external to the audit organization will affect an auditor’s ability to make objective judgments.
Some auditors use the term ‘scope limitation’ to describe undue influence threats. Here are specific examples of undue influence threats from the GAO.
3.42 Examples of circumstances that create undue influence threats for an auditor or audit organization include existence of the following:
- External interference or influence that could improperly limit or modify the scope of an engagement or threaten to do so, including exerting pressure to inappropriately reduce the extent of work performed in order to reduce costs or fees.
- External interference with the selection or application of engagement procedures or in the selection of transactions to be examined.
- Unreasonable restrictions on the time allowed to complete an engagement or issue the report.
- External interference over assignment, appointment, compensation, and promotion.
- Restrictions on funds or other resources provided to the audit organization that adversely affect the audit organization’s ability to carry out its responsibilities.
- Authority to overrule or to inappropriately influence the auditors’ judgment as to the appropriate content of the report.
- Threat of replacing the auditor or the audit organization based on a disagreement with the contents of an audit report, the auditors’ conclusions, or the application of an accounting principle or other criteria.
- Influences that jeopardize the auditors’ continued employment for reasons other than incompetence, misconduct, or the audited entity’s need for GAGAS engagements.
Is any of that happening to you? Then your independence has been threatened and you need to work through the ‘conceptual framework’ prescribed by the GAO. The conceptual framework is a three step process where you identify the threat, decide if the threat is significant and then apply safeguards if necessary. Each of those three steps has to be documented in your working papers.
Be careful about collaborative auditing
Have you heard of collaborative auditing? In collaborative auditing the auditor gives up some control and allows the auditee to help shape the audit. For instance, the auditee may request certain subject matter be avoided by the auditor. By allowing the auditee some say-so, it demonstrates the auditor doesn’t know everything and has the organization’s and the auditee’s best interest at heart.
There’s a line that, when crossed, compromises the auditor’s objectivity and independence. I can’t define that line for you, but instead can offer a question you could ask yourself when you decide to collaborate: “If I choose this path, would an objective third party with knowledge of circumstances doubt or question my audit results?”
If the answer is yes, you need to wrest back control of your audit.