Disclaimer: If this sounds like a bunch of auditors grousing about their clients, that’s by design. When you work with a lawyer, business consultant or other skilled (and expensive) professional, you prepare ahead, have all relevant documentation at hand and tee up staff to collaborate, without a second thought. After all, you’re paying for the time and stand to walk away with valuable insights.
So why should the auditor relationship be perceived as confrontational by default?
“Our primary role as auditors is to protect, but also to help the organization grow,” says Richard F. Chambers, who sees the “auditor as punisher” view as an antiquated take on business reality.
Chambers should know. He holds CIA, QIAL, CGAP, CCSA and CRMA designations and is president and CEO of The Institute of Internal Auditors. The global organization has national arms, such as IIA North America, and local chapters too. Before joining The IIA in 2009, Chambers was national internal audit advisory services practice leader for PricewaterhouseCoopers; inspector general of the Tennessee Valley Authority; deputy inspector general of the U.S. Postal Service; and director of the U.S. Army Worldwide Internal Review Organization at the Pentagon.
Suffice it to say, he has insights.
First off, a C-level executive should have her auditor’s back. In Europe, it’s common for internal auditors to report to the CEO; in the United States, to the CFO. “In either case, the CEO or CFO should be a champion,” says Chambers. That means modeling empathy and helping auditors minimize tension without compromising on their duties.
“If auditors are causing angst, the CFO can coach them and also become a conciliator between auditors and other management,” Chambers said.
We heard that sentiment from many of the auditors and finance pros we spoke with.
“When it comes to financial auditing, it can be scary, but auditors are not out to get you — they’re people too,” said Grey Idol, co-founder of Payroll Funding, a factoring firm that specializes in purchasing invoices from staffing companies. “If you make life easy for your auditor, things go a lot smoother.”
For those who see the wisdom of Idol’s advice, here are nine insights on what auditors, both consultative and internal, dislike — and a few things they wish CFOs knew.
1. No system descriptions. Auditors must be able to clearly document their organization’s or client’s accounting processes. Period.
“If they have thorough system descriptions, we can make sure we understand the process by reading them, and only need to take up the client’s time to walk through an example,” said Abir Syed, a CPA at his own consulting firm, Upcounting. Previously, Syed was an audit manager with Ernst & Young and VP of finance at “a well-funded startup.”
Lacking solid descriptions, auditors must interview people on the accounting team to get an understanding of the process. That wastes everyone’s time.
“Bonus points if the system description explains what happens with exceptions,” Syed says.
2. Frequent manual workarounds. “If there are a large number of transactions that follow an identical process, it can significantly reduce the amount of testing we need to do,” Syed said. “If there are a lot of manual overrides, workarounds and exceptions, it might require walking through several of those transactions as well to make sure they don’t have adverse accounting effects.”
Handwritten bills and records make matters even worse, says Ian Kelly, VP of operations at wellness company NuLeaf Naturals. Kelly has launched two companies and consulted, so he’s been through a number of audits, some more pleasant than others.
“There have been instances of auditors confusing the numbers, and then they’re forced to redo the whole process,” he says. “In the case of illegible handwriting, it just takes the frustration to a whole new level.” Even if your company uses a lot of paper, make sure you digitize everything before an auditor shows up. That process alone may uncover errors that you can then fix before they show up on a report.
3. Lack of responsive banking and other financial relationships. CFOs shouldn’t work in a vacuum. They need strong relationships with their bankers, mortgage firms, credit issuers and other funding sources so that responses to an auditor’s requests for confirmation come in quickly.
“Auditors have to tie down all the numbers on the balance sheet, most importantly the cash,” says Kristy Clabaugh, a CPA and partner at accounting firm Element CPAs. “We need more than bank statements to make our attestations that this is how much the company is leveraged.”
Plan ahead, especially when you have many relationships.
“CFOs or CEOs should notify bankers and other financial service providers a week or two ahead to expect requests for confirmations on loans, mortgages, bank accounts, lines of credit and other accounts from the auditor,” Clabaugh says. “If the executive has a good relationship with their banker, the confirmations will be turned around quickly. If not, the process can drag on.”
4. Little or no preparation — or worse, delays and excuses. To accelerate the auditing process, make sure all standard financial statements and transaction documents are easily available, and set up access to related applications, such as payroll, asset, inventory and stock-option accounting. Add to that mix foundational documents, such as articles of incorporation and long-term lease and other legal agreements, plus everything the auditors directly requested for this engagement.
“Maximize your time with the auditor by getting a list of required items, such as board minutes and reconciliation documents, well in advance to give your staff time to get ready,” Chyla Graham, a Denver-based CPA and president of CNRG Accounting Advisory, told Brainyard. “Preparation is so critical.”
Incomplete financial statements, transactions that are not supported by documentation and missing documentation exasperate auditors.
“Auditors will send you a list of documents you need to prepare in advance,” says Idol. “There’s really no excuse for not being ready, especially not the ‘I was too busy’ reason. Face it — you should have quick access to all your financial documents.”
And don’t forget proof that you made changes requested in the last audit.
“If auditors asked for specific information, have it ready for them,” says Ben Reynolds, CEO and founder of investor information site Sure Dividend. “If you had an audit the year before and they asked for changes, then have documentation showing how the changes were implemented. Don’t try to guess or estimate answers. They are there for exact numbers.”
5. Using subpar software. “Some cheap or free software is notorious for making things complex,” says Kelly. “It will make the auditing process tougher. There are also security and compliance issues.”
Look for accounting software that has built-in audit-trail functionality. Solid transaction-tracking capabilities make it easier for auditors to verify the accuracy of your numbers. That minimizes the work involved in both internal and external audits.
Nowadays, audits are likely at least partially remote. Cloud-based accounting software — a top priority for respondents to the latest Brainyard survey — makes it easier for auditors to drill down in financial statements to underlying ledgers, reports, reconciliations and original transactions. Capabilities such as attaching supporting documents to transactions makes for a self-service model, where auditors can get what they need without your team having to stop and dig up information for them.
The days of gathering mounds of paper documents for an audit are pretty much over, providing your company has professional accounting software with the appropriate recording and reporting capabilities — and that your team uses it correctly.
Most auditors, including those from the IRS, can integrate their tools with popular business accounting software. Indeed, the IRS routinely requires accounting software backup files early in the auditing process. The agency will require an admin username and password and the designated backup file on a CD, DVD or flash/jump drive.
Other external auditors may ask for a temporary, read-only password to access accounting software in the cloud or request hard copies of backup files. Internal auditors generally already have admin access to the firm’s accounting software and records.
If they don’t, that’s a big red flag that the relationship needs work.
6. Gray areas. “The rules that dictate what’s correct and incorrect are hardly black and white,” says Zach Reece, a CPA who was formerly with Deloitte. “Two auditors can look at the same tax return and come to very different conclusions and disagree on whether the filing even warrants an audit.”
“When a company disputes why they’re being audited, oftentimes they have some valid points because their so-called ‘errors’ really are up for interpretation,” he says. “Gray areas often lead to clashes between the auditor and the auditee or their own company higher ups.”
When in doubt, ask the auditor for an opinion ahead of time.
“Over the years, I’ve come to learn that auditing is actually not an exact science,” says Kelly. “There are some gray areas that require interpretation. So in the case of disagreements, it will save you a lot of time if you understand the subjective nature of some aspects of the auditing process.”
7. Neglect and carelessness. “Auditors hate to see unnecessary losses and the many problems that ensue,” says The IIA’s Chambers. “Waste is a failure of internal controls and risk management. Neglect means management has abandoned key responsibilities, leading to issues that could have been avoided.”
Chambers and Graham stress that CFOs should look at an audit, especially by an experienced external professional, as an opportunity for growth. While of course they won’t name names, Graham says it’s within scope and ethical guidelines for your auditors to share best practices and smart ideas they’ve seen at similar firms.
But it’s difficult for an auditor to suggest growth actions when large profit drains exist, says Chambers.
“Loss through carelessness, where there was no due diligence or oversight — for example, a costly environmental accident — can be debilitating to an organization,” he says.
8. No proper segregation of duties. The American Institute of CPAs (AICPA) considers the segregation of duties a basic and essential part of sustainable risk management and internal controls for any business.
“Basically, what auditors are looking for here is the likelihood that the numbers have been manipulated,” says Clabaugh. “If the same person is doing everything from receiving payments to paying company bills, the numbers have insufficient controls, and there’s a lot more auditing work involved.”
In other words, no segregation of duties raises the possibility of fraud. Even when there isn’t any evidence of malfeasance, the auditor’s work increases substantially. SMBs in particular often run afoul of audits in this way.
“It’s understandable that a person might need to wear several hats at a small company, but those hats should still be distributed with respect to segregation of duties,” says Syed. “If that’s not done, it can substantially increase the perceived risk, and therefore the testing that needs to be done.”
9. Staff that ignores or bypasses controls. “When there are internal controls that can significantly reduce risk — and the work required for an audit — but management constantly overrides the controls or ignores them, then that eliminates all those savings,” says Syed. “It’s especially bad if we only find out that they don’t respect the controls once we’re on site and have budgeted for a much shorter low-risk audit, and it turns out we have to do way more testing and get a lot more work done in the same amount of time.”
Internal controls help only if they are actually used.
A prolific writer and analyst, Pam Baker’s published work appears in many leading print and online publications including Security Boulevard, PCMag, Institutional Investor magazine, CIO, TechTarget, Linux.com and InformationWeek, as well as many others. Her latest book is ”Data Divination: Big Data Strategies.” She’s also a popular speaker at technology conferences as well as specialty conferences such as the Excellence in Journalism events and a medical research and healthcare event at the NY Academy of Sciences.