If you’ve noticed some frost in the relationship with your external auditor, blame the
Before SOX, external auditors served as a client resource, dispensing advice and guidance about complicated
Today, in contrast, external auditors serve as an investor/stakeholder representative tasked with providing an unbiased opinion of a company’s finances and reporting infrastructure. They are not allowed to audit their own work and thus cannot directly help or advise their clients in any way before, during, or after an audit. Furthermore, external auditors now must accept personal, lifetime liability for their auditing decisions.
There’s a lot at stake – for auditors and executives alike – but in the years since SOX passed, we’ve learned a few tips for successfully navigating the new client-
There Are Ways to Manage Audit Fees
It is possible to reduce the time, effort, and even the cost of an audit. To do so, you must first eliminate inefficiencies that are weighing down the audit, and then find a way to complete audit-related tasks for less money. For example, by using a standardized approach to internal controls over financial reporting, you’ll spend less time and fewer resources writing and documenting audit-approved internal controls. By outsourcing testing to a qualified third-party, you’ll alleviate this time-consuming burden from your internal staff (or your auditor) while increasing the level of independence around your audit – something auditors like.
A Good
Auditors are required to audit according to risk and materiality – not according to their own instincts. So, mid-year, be sure to engage in a formal risk assessment that identifies risks and shows how you’re mitigating them. This risk assessment will help you negotiate a reasonable audit scope before your auditor arrives -- and prevent scope creep once the audit has begun. Remember, when auditors poke around in areas outside the audit scope, they dilute the value of the audit for your company and, in doing so, will very likely raise the cost, effort, and annoyance of the entire process.
You Can Push Back on Audit Findings
No company is perfect – not even yours – so expect to hear your auditor say, “You’ve got a problem.” Be diligent in asking questions like, “What is the nature of the issue?” and “Does it represent a material weakness or deficiency?”. Have your own team verify whether you have controls that have mitigated the risk. This is when your risk assessment can come in very handy, because often times there are multiple ways to mitigate a risk.
Remember, auditors are human; they make mistakes, have agendas, and are afraid of being sued. But if their humanity interferes with their ability to be correct, you need to push back. In these circumstances, it’s often helpful to have a third party who can help you negotiate. Auditors also tend to rely on
Internal Controls - There is a Better Way
Your auditor will tell you if your internal controls over financial reporting are insufficient. But they can’t tell you why or how to fix them. They also can’t tell you if you have too many internal controls or inefficient ones. They’ll just spend time and effort (translation = money) reviewing the controls you have and testing to make sure they work.
Your auditor can’t tell you how to fix your internal controls infrastructure – but Vibato can. Our standardized, best-practice-based approach is based on the same methodology of external risks and controls used by just about every auditor in the United States. As a result, we can give public companies what they need to identify, document, and test internal controls over financial reporting, so they are more prepared to reach their ultimate goal – a clean audit opinion.
