Insights article graphic_3 auditing prep

Management tips to survive being audited

The idea of your organization being audited probably fills you with dread. Few people wouldn’t cringe at the thought of an outsider rummaging through their data, grilling their staff, and questioning their decisions.

I get it. But being audited doesn’t have to rank up there with root canals and other things that are eventually good for us but awful in the making. That is, if you understand the audit’s purpose and are prepared.

Someone somewhere wants to know the result of the audit, because you are or have the potential to be spending other people’s money.

Audits provide assurance that investors can trust a company’s financial statements, taxpayers can have confidence government programs are operating as intended, or that donors can be confident that charitable organizations are respecting their intentions.

Organizations commonly are subject to at least one of three types of audits:

  • Financial
  • Performance
  • Compliance

They usually are conducted by independent entities, such as accounting firms, external auditors, or regulatory agencies. Some organizations have internal auditors, too, but they must be free from management control if their audit findings are to be credible.

Knowing the type of audit guides your preparation

The purpose of a financial audit is to evaluate an organization’s records, processes, and accounting decisions to make reasonably sure its annual statements reflect an accurate representation of the organization’s financial condition.

A performance audit determines if programs or operations are managed appropriately to achieve their strategic goals. Performance audit objectives often focus on process efficiency and effectiveness, and in recent years, whether program outcomes are equitable.

Compliance audits are straightforward tests of whether something complies with a standard or not. They are commonly used in manufacturing settings and regulated industries. Compliance testing also can be part of financial or performance audits.

How they are similar

All audits are systematic comparisons of evidence to criteria within a specified scope. Criteria can include accounting standards in a financial audit, management best practices in a performance audit, and regulatory requirements in a compliance audit.

Evidence depends on the subject area of the audit. Auditors may ask for your policies, procedures, internal controls, processes, data, records, employee information. Auditors review any information used by management to account for financial transactions, achieve program outcomes or efficient operations, or comply with regulations.

How to prepare for your audit

Audit teams generally want the same information that management needs to meet its responsibilities in service to strategic objections. It is a red flag to an audit team when such information doesn’t exist, isn’t available, isn’t in a usable form, or isn’t organized for management decision-making.

  1. Anticipate what the audit team will request. It will need to get up-to-speed on your organization, department, program, and responsibilities. That means understanding the legal and policy bases for your authority, your mission and strategic objectives, budgeted resources, industry standards or regulations you are obligated to meet, any policies and procedures you use, datasets you’ve created or tap, and annual reports you produce or contribute to. Pro tip: You should have most of this documentation at your fingertips, but it may not all apply to you. That’s okay.
  2. Anticipate what questions you may get asked. The audit team is looking for what’s working well, what isn’t, and any gray areas that you (and they) are unsure of. Pro tip: Auditees who are honest about their vulnerabilities are viewed as more credible by the audit team than those who pretend nothing is amiss. Auditors aren’t expecting perfection.
  3. Understand what threatens your ability to achieve your strategic objectives and anticipate that the audit will focus on one or more of them. Pro tip: Managers are responsible for assessing and mitigating risks to success, so it’s a red flag to an audit team if this conversation is a mystery to you. You may not be able to address all your vulnerabilities, but you should know what they are.

How to engage with the audit team

The audit process has built-in check-ins for discussions, and you should take advantage of all of them to understand what type of audit is being conducted and why, the criteria to be used, the scope and fieldwork objectives, and any findings and recommendations. Pro tip: Participation in these periodic check-ins will help avoid unwanted surprises for management and the audit team at the end of the process. The earlier misunderstandings can be addressed, the better.

Ask which professional standards the audit team follows:

  • Audits conducted under Government Auditing Standards (also called the Yellow Book) will conclude with a written report, a draft of which will be provided to management to review and respond to before it is published.
  • Internal audits conducted under the International Professional Practices Framework (also called the Red Book) are common in the private sector but sometimes are used by government agencies, too. They have different public reporting requirements than government auditing standards.
  • The American Institute of Certified Public Accountants is the go-to source for various types of financial auditing standards.

Ways to make the process go smoothly

Remember what the point of an audit is: to assure third parties – taxpayers, investors, donors, regulators – that your organization is operating as intended to achieve its strategic goals, whatever they may be. If it’s not operating as intended, the audit report will include recommendations to close the gap between the criteria and the evidence the audit team collected.

  • Take advantage of periodic check-ins with the audit team and ask questions
  • Assign a contact to coordinate information requests from the audit team
  • Encourage employees to respond promptly to requests for interviews, documents, and site visits
  • Request that the audit team meet to discuss any conclusions you disagree with and be prepared to provide supplemental information to support your position
  • Try to reach consensus with the audit team on recommendations you will be expected to implement. The goal is to make the requested actions result in improved conditions.

Finally, resist the urge to use the formal written response at the end of the process to attack the audit team or the findings. There are appropriate venues for that if you believe the audit team did not live up to their professional requirements. If you have an honest disagreement about the recommendations, it’s best to say so in your response. The audit team will circle back periodically to check on your progress, so I’d advise against staying silent if you don’t intend to implement one or more of them.

Pro tip: Use the formal management response, which is included as part of the audit report, as an opportunity to acknowledge the areas where improvement is needed and assure readers you will implement the recommendations. Nobody expects perfection, but everybody should expect management to continuously strive to do better.

If you’d like some help getting ready for your next audit or need to retain an independent performance or compliance auditor, let’s talk.

 

Mary Hull Caballero signature
Mary Hull Callabero

Mary Hull Callabero is the Founder + CEO of ManageWise, a consulting firm that equips executives and managers of public-serving organizations to overcome the perils and pitfalls that hinder their progress toward achieving their goals.

Learn more about Mary and ManageWise ›

newsletter optins

Stay in the Loop

Receive our free guide, How is your governance game?, and occasional updates by joining our mailing list.