How different can an audit be?
A few weeks ago, a girlfriend of mine accepted a job as an auditor at a local CPA firm. Previously, she was an internal auditor at a state agency and she is worried about adjusting to the new environment and expectations.
Since, in my line of work, I experience both types of auditing – internal and external – I offered to help her transition. We met at her new office and spent most of the workday pouring over a set of working papers and cross-walking them to audit standards. It was an eye-opener for her.
In the first few minutes of our meeting, it became clear that, in her new job, she will need to produce results much faster. The CPAs in her new firm finish most of their not-for-profit audits in one week. As an internal auditor, my girlfriend had a very generous amount of time to evaluate her subject matter. Her last project as an internal auditor took her six months to complete.
What causes that huge gap in the amount of time spent on audit projects?
1. Profit is very motivating. CPA firms are profit-driven. The faster they finish an audit, the quicker they can begin another project. Performing audits speedily allows them to take more jobs and thus make more money. When they move too slowly, they put their jobs at risk.
2. Repetition breeds efficiency. CPA firms perform essentially the same audit over and over. Once the CPAs learn the format and content of working papers, they use that knowledge again and again as they move from not-for-profit financial statement audit to not-for-profit financial statement audit. Contrast this with internal auditors who seldom repeat the same audit; each project involves a new subject matter and scope.
3. Finite subjects are the rule instead of the exception. CPAs must commit in writing, at the start of the project, to a specific subject matter and criteria. CPAs cannot start an audit until the client agrees to their audit objective and scope. Period. End of story. And CPAs religiously stick to that agreement. Scope creep is not permissible (reference point #1). Conversely, internal audits often start with a vague objective, and nothing in the auditing standards mandates (but it is suggested) that internal auditors get the clients’ approval before proceeding. Some internal audits start with one objective and end somewhere entirely different. In their quest to create value for their customers, some internal auditors hop down bunny trails, inspecting every possible avenue of interest while they are onsite.
4. Tools are standardized. CPA firms purchase from an audit service tools and forms that allow them to repeat the same tasks and produce similar-looking results for each audit. Unless the internal audit team has worked together for years or includes many members, it usually doesn’t standardize forms and tools. This means that, on every audit, each auditor devises his or her own forms, memos, and tools afresh.
5. Documentation standards are looser. CPA firms use the same tools and look at fundamentally the same working papers every time. CPA firms have a standard working paper index, standard tick mark legend, standard schedules – the whole bit. This means that everyone in the office – the reviewers, the partners – knows where the evidence lives in the working papers and from whence it comes. As an outsider reviewing the CPA firm’s working papers, I couldn’t find the source of a few numbers. When my girlfriend and I asked the CPA firm manager where the information was, she quickly replied, “That is on B-1. That is always on B-1.” Ah, the joys of repetition. In internal audit environments, auditors are encouraged, and sometimes required, to put a description of the source, purpose, procedure, results, and conclusion on every working paper and to make sure that all significant info is cross-referenced. Internal auditors can, and often do, spend much more time perfecting working papers and sending them through multiple levels of review.
6. Reports are significantly easier to create. The bulk of a CPA firm’s audit report is a form letter, created by the AICPA, full of all sorts of legalistic mumbo jumbo. Filling in “name of the entity here” doesn’t involve much creativity. And CPA firmsare not known for creating detailed audit findings involving a lot of backup and craftsmanship. Unless they are doing a Yellow Book audit, CPAs hesitate to be specific about issues because their clients don’t appreciate the detail and the resulting enhanced transparency and accountability. Internal auditors, on the other hand, often create dozens of pages of text entirely from scratch. They have to balance the truth with politics and the demands of their customers. They draft and edit and draft and edit, often taking months to finish the report. Sometimes, in the middle of what should be the reporting phase of an audit, they decide they need more evidence and return to fieldwork. And redraft and edit and redraft… You get the picture.
This is a huge change for my friend. She will have to step on the accelerator. A CPA firm cannot afford to employ someone who doesn’t produce. And the organization will assume she already knows how to perform audits and won’t need much guidance. I anticipate and welcome quite a few emails from her – as do I from you.
Governmental auditors unite! Leita Hart-Fanta, CPA, CGFM, and CGAP is the author of “The Yellow Book Interpreted” and owner of Yellowbook-CPE.com a website devoted to training for governmental auditors. Whether you are an internal auditor or monitor for a government entity or a CPA doing grant audits, you will enjoy Leita’s humorous take on the complexity of auditing in the government environment.