With the third round of hearings by the financial services Royal Commission commencing this week, we’re learning about some of the questionable lending and other practices that some of our major financial institutions have engaged in.
It’s clear that the management teams within these institutions are largely responsible for what has transpired. However, one commentator has also suggested the internal audit profession needs to ‘lift its game’ by being more independent and courageous in raising red flags.
In one of the hearings, we learned that the auditors identified issues and highlighted these with management – but was this enough?
Having previously worked as an internal auditor, and currently as an external auditor, I can only agree with these sentiments when it comes to maintaining the integrity of the broader audit profession. Independence, exercising professional skepticism and communicating with those charged with governance form the cornerstones of performing any assurance engagement.
Having tough conversations – and following up
Sometimes, conversations with clients aren’t easy when you’re telling them, “Your system is broken, and this is the potential impact”, but that shouldn’t deter auditors from raising issues with management. These conversations can be difficult, but they are also opportunities for auditors to ensure they’re doing the right thing.
Raising an issue in an audit is one thing, but a good auditor will close the loop by following up with management to ensure adequate remedial action has been taken to address risk exposures identified in the audit process (financial, legal, etc).
At Accru Harris Orchard, our auditing team prides themselves on raising important issues, asking tough questions and following up with clients to ensure that appropriate issues and risks have been addressed, and changes implemented. Our audit and assurance services give our clients confidence that their systems, processes and people are sound. If they’re not, we work with our clients to solve any gaps they have. An audit doesn’t end once the report is submitted.
It’s important not to forget the responsibilities of boards and key management personnel, either. They also need to engage in the audit process and consider the audit findings in assessing their organisation’s risk exposure and how this is controlled.
Management may dismiss an auditor’s findings on the basis that ‘they don’t know our business’ or ‘that’s just the way we do things’. It’s these types of situations where a trusted relationship between management and an auditor can result in a meaningful and constructive exchange of ideas.
Things to ask an auditor in advance
If you’re looking to hire an external auditor, here are some key questions to ask:
- What’s your process for dealing with and managing audit findings?
- How do you communicate and follow up with Board and management teams?
- What will you do to assess our risk management processes that could affect financial reporting?
- In what areas will your audit firm maximise ongoing collaboration with our stakeholders?