Most of the time, our audit victims and customers trust our conclusions and opinions. Many of them don’t clearly understand what we are doing and they take our conclusions at face value. Naturally, they are very happy to accept our reports when they are positive. I imagine them saying to their colleagues after the exit conference, “Yes! We dodged that bullet. Now that the auditor is gone, let’s get back to work.”
But when the victim or customer isn’t happy with the audit results, they try to find reasons to contradict what the auditor has concluded. Maybe the auditor is asking them to pay back some money that they misspent. Maybe the auditor is telling them that their procedures aren’t getting the job done. Maybe the auditor goes as far as to question their intentions and integrity. When the audit results get that touchy, the auditor should expect resistance.
Handing them the ammunition
Some auditors make it far too easy for the naysayers to shoot holes in their audit reports by simply failing to apply the auditing standards. It is like handing the auditee ammunition for their gun!
I served as an expert witness during a dispute between an auditee and their auditor recently. The auditee hired a law firm to help them fight an auditor’s conclusion that the auditee had overbilled the feds more than $100,000. I was hired to help convince the court that the auditor’s conclusions could not be relied upon.
State law required that the audit be conducted in accordance with government auditing standards and the auditor stated in the report that they had followed the standards. But it was clear from reviewing the audit report that the auditor hasn’t read or applied any version of the yellow book created in the past decade.
Every type of engagement mentioned in the yellow book comes with its own paragraph or more of canned language – be it a financial audit, an attestation engagement, or a performance audit. And this language was missing.
This, along with a few other missing pieces of their audit report, let me n on another, bigger issue. This auditor obviously did not have a mandatory quality control process in place because a quality control review of the audit report would have caught these errors.
The entity that contracted for these audits and oversaw the results was obviously clueless regarding the standards, too.
Was I able to completely discredit their audit results? No. Just because they blew off the standards in the audit report does not mean that they didn’t gather strong, convincing evidence to back up their conclusions. But if you add their obliviousness to the standards to other relevant facts in the case, the lawyer will be able to make a good case that the audit needs to be redone, recast, or that the questioned costs should be dismissed.
Credibility is so easily damaged
I must admit to skipping over the “professional judgment” standard in the yellow book during my seminars. I always found the standard vague, obvious, and messily comprehensive. It reads like a repository of vague admonitions from the GAO to be careful at every turn.
But after looking at those substandard audit reports – I approach this vague sentence imbedded in the ‘professional judgment’ standard with more appreciative eyes:
- GAGAS 2011 3.61: Reasonable care includes acting diligently in accordance with applicable professional standards and ethical principles.
I have always absolutely loved this paragraph:
- 3.04 Auditors and audit organizations maintain independence so that their opinions, findings, conclusions, judgments, and recommendations will be impartial and viewed as impartial by reasonable and informed third parties. Auditors should avoid situations that could lead reasonable and informed third parties to conclude that the auditors are not independent and thus are not capable of exercising objective and impartial judgment on all issues associated with conducting the audit and reporting on the work.
Yes, I know that 3.04 is talking about independence, but imagine replacing the word “independence” with “credibility” or “professionalism” and it works just as well.
Tweaking the audit report to comply with the reporting standards would have taken so little effort, it is hard to believe that these auditors chose not to. Or were they just careless and ignorant?
It reminded me of some of the students that take my online courses. If you read the text that comes with the course, you will pass the test. The final test is in the back of the book so that you can answer it as you go. It is an open book test! No tricks, no deep thinking involved. 97% of the students pass the first time.
But that 3%! 3% of customers pay for the course and then go right to the final without even scanning the text. And then they write or call complaining that they failed. It is not easy to say, “No s..t, Sherlock!” in a customer-friendly manner.
So what is the moral of this story?
The moral isn’t complicated or profound. Just read the book. READ THE BOOK! The standard is always sitting out there ready for you on the Internet. Spend a day reading it with highlighter in hand.
Here, I’ll make it even easier…so you don’t have Google for it yourself. Here is the link: http://www.gao.gov/assets/590/587281.pdf
Please don’t rely on anyone else to do this for you. You may be relying on someone who doesn’t like to read! And then you end up on the witness stand defending your refusal to simply READ THE BOOK that you promised you were following in your audit report!