These days, audits are part of everyday life – especially if you’re in the financial services industry. The audit process can sometimes be quite daunting for many, but it certainly doesn’t have to be. Here are a few tips to help you navigate your next audit engagement with greater ease.
1. Be Transparent
- Honesty and openness are crucial to a positive audit experience – always share accurate, clear, relevant and, where possible, complete information. It’s also okay to say, “I don’t know”. Leading the auditor astray with inaccurate information only prolongs the audit process and results in more questions and/or requests from the auditor.
- If you haven’t done something that you were supposed to…just own it. Where a reasonable explanation exists, provide it to the auditor, along with any relevant supporting documentation.
- An essential part of the audit process is corroboration. This means that auditors will usually attempt to confirm non-conclusive statements via consultation with other relevant parties and/or review supporting documentation.
- If you see something, say something! Don’t withhold pertinent, relevant information from the auditors.
2. Document! Document! Document!
Audit is an evidence-based profession. Therefore, auditors require sufficient, appropriate evidence to prove the existence, accuracy and legitimacy of transactions. The type of evidence needed varies from one transaction to another.
Where the type of evidence requested by your auditor is unavailable, talk to them to determine whether there are any alternative forms of acceptable evidence that you may be able to provide.
If unique circumstances require you to deviate from established procedures or best practice, this should be well-documented (primarily via an approved Exception Report). Approval should be obtained beforehand, where possible.
If you review and/or approve documents, be sure to evidence your approval in writing, typically via signature or email.
Keep this audit mantra in mind… “if it hasn’t been documented, it hasn’t been done”.
3. Digitize and Automate
As the environments within which we live and work evolve, and undoubtedly become more complex, companies now have greater analytical and reporting requirements. To this end, businesses are relying on a myriad of software applications to help manage their data.
With the right controls in place, digitization of forms and other documents makes them easier to organize, locate and share as needed. This results in less time spent physically pulling files to provide to the auditors. With the click of few buttons, you can easily select files to share with auditors electronically.
Automation results in greater operational efficiencies and better use of man hours. Further, with an integrated approach to automation, there is less emphasis on reconciling data between systems, which means less manual time-consuming controls, which means less audit testing. When applications are integrated and the necessary controls are built-in, auditors can test the software directly, rather than testing a large sample of manual transactions. This results in quicker, less cumbersome audits, and ultimately, you having more time to spend doing the things you love.
It’s your responsibility to ensure that the processes and controls within your functional area are effective.
This requires testing. Considering the specialized knowledge, tools and investigative skills required, you are not expected to test to the extent that auditors would. However, there are always basic checks that you can do to try to ensure operational effectiveness of the controls for which you are responsible.
Also, bear in mind that Internal Audit uses a risk-based approach to engagement selection. Internal Audit will neither audit every operational area nor control. Therefore, it is prudent that control and risk owners test the effectiveness of their controls periodically, at least on a small scale. This can save time and reduce stress when an audit of your area rolls around – reduced number of deficiencies, shorter audit process, and less time spent on remediation of audit findings.
Contrary to popular belief, auditors are not “out to get you”. Believe it or not, auditors don’t enjoy identifying deficiencies. Deficiencies don’t just add to the auditee’s workload by causing them to dedicate time and energy to remediation efforts; they also add to the auditor’s workload by requiring auditors to draft detailed reports on these findings and then follow up periodically regarding your progress toward remediation.
Ultimately, ICBL’s Internal Auditors aim to provide a comfortable audit experience for auditees; and are always open to:
- discussing any concerns that you may have;
- providing explanation and clarification as needed;
- working with you to identify alternative appropriate forms of evidence; and
- helping you eliminate inefficiencies and control gaps within your processes.
Here’s hoping that you take these tips onboard and use them to enhance your audit experiences going forward. Does your company have an Internal Audit team? Reach out to them at any time, should you have any questions or concerns.
Head of Internal Audit
Corporate Communications Specialist