Good auditor or bad auditor – which are you?

All auditors expect clients to question their usefulness. Many auditors question their usefulness. Most would accept that their impact on an organisation is generally quiet and incremental, rather than dramatic. Most of all, when you’ve been doing – or putting up with – a lengthy audit only to find there are no recommendations that management are not already aware of you have ask whether it’s time well spent.

Time then to remember what we’re here for:

  1. Ensure that risks are adequately managed to allow the organisations objectives to be achieved
  2. Report to management and the board where risks are not adequately managed
  3. Ensure actions agreed by management are appropriate, are implemented effectively, and actually address the risk
  4. Demonstrate the value of audit and effective risk management
  5. Provide solutions that support the achievement of organisational goals
  6. Provide an independent view and challenge
  7. Identify over-control or ineffective controls that offer an opportunity for improving efficiency
  8. Identify objective, evidenced findings – and proportionate recommendations
  9. Always say “what’s the risk” before doing anything
  10. Enjoy work (no, seriously!)

And what we’re not here for:

  1. Create tick-lists and go through them with interviewees
  2. Tell management what they already know
  3. Record findings ‘for the sake of it’ or where the risk does not justify better control
  4. Ignore risk areas because management don’t want them looked at
  5. Come up with unworkable, inefficient or bureaucratic solutions
  6. Make subjective decisions or ‘hold people to account’
  7. Make life difficult for management
  8. Waste people’s time with unnecessary queries
  9. Ignore things because we don’t understand them
  10. Be a policeman

, ,

No comments yet.

Leave a Reply

Leave your opinion here. Please be nice. Your Email address will be kept private.