Auditors: Who Are They?

Managers Are Not from Venus, Auditors Are Not from Mars

This is a difficult question that could literally be debated for many years without resolution. Who makes the best auditors and where are they found? One of the first general standards for all auditors, is they must collectively possess adequate professional ability to complete their required tasks. This does not mean they know all things about all things in the organization. What it does mean is that auditors must have the skills and knowledge about the area they going to audit. They should have a thorough knowledge of the target's business environment relative to the nature of the audit being performed. Auditor qualifications apply to the audit team collectively and not necessarily to each individual auditor. Acceptable skills could include, but not be limited to such areas as, accounting, statistics, law, engineering, computer science, business administration, public administration, economics, social sciences, and mathematics.

Auditing is a field that requires significant ongoing education in professional disciplines. Auditors generally plan to complete at least 40 hours annually of continuing relevant education and training in order to remain current in their discipline. Continuing professional training should include topics such as, audit methodology, assessment of internal controls, principles of management, computer information systems management, statistical sampling methodology, evaluation design, and data analysis.

Auditor Attributes

Following are some important characteristics to consider when selecting candidates as auditors:

Personal

The auditor determines when decisions can be made and exercises authority sparingly. She shares appropriate information with the correct people in a timely fashion. She exercises correct judgment and maintains a professional demeanor at all times. She understands the limits of her knowledge and knows when to call others seeking their expertise. In other words, she does not think she knows all things.

She builds trust by demonstrating honest and direct behavior yet is acutely aware of sensitive issues. Auditors do not compromise their ethics, nor will they tolerate a compromise of ethics by others. This may seem a bit rigid, but considering that auditors must prize their credibility highly, it is not unreasonable. It is important to note that auditors in essence are not ever off-duty. They are aware that their off-duty conduct affects their on-duty credibility. Auditors are professionals that understand that if they engage in activities that call their personal judgment into question, their professional judgment may be called into question on the assessments they make on the job.

They consistently develop comprehensive plans to accomplish their goals and take the initiative to meet or exceed deadlines in anticipation of timelines. They are adept at multitasking and handle multiple tasks simultaneously prioritizing work by focusing on significant problems.

Leadership

Auditors take an active role in preparation of presentations delivering oral and written presentations that are grammatically correct, logical, clear, concise, and relevant. They incorporate business and personal experiences in the communication of ideas to others. An auditor is thoroughly knowledgeable in emerging and current trends applicable to her tasking as well as her profession. She possesses excellent negotiation and persuasion skills and is adept at exercising various types of negotiation styles. She presents her point of view yet is sensitive and adept at leading herself and others to win/win conclusions. She discusses matters in a factual, professional fashion yet delivers her point of view in a passionate and persuasive manner. She effectively and efficiently recognizes and manages potential conflicts.

Functional Abilities

She knows her profession and is experienced and well trained in her craft. Auditors routinely provide advice to senior managers on the assertions that need to be provided regarding systems' confidentiality, availability, and integrity. She leads the audit team in drafting the audit management plan, program, and final report and determines the requirements of any postmortem actions. She effectively and efficiently collects evidence regarding assertions and conformity criteria. When appropriate, she will direct the evidence collection efforts of others.

Code of Ethics and Conduct

Auditors must subscribe to a formalized, universal code of ethics. For example, a code of ethics for holders of the Certified Information Systems Auditor (CISA) certification has been established by the Information Systems Audit and Control Association (ISACA). ^[1]

Codes of ethics are usually required by professional organizations and typically address the following areas of auditor conduct:

• Establishment and compliance with information systems controls, standards, and procedures

• Trustworthy service and reporting to stakeholders throughout the audit process

• Avoidance of participating in improper acts personally and professionally

• Confidentiality of observed and collected audit evidence

• Auditor independence

• Professional competence through participation in continuing professional development

• Due diligence when conducting audits and documentation of sufficient evidence supporting conclusions and recommendations

• Communication of audit results to appropriate stakeholders

• Education of stakeholders in the audit process to enhance understanding of systems and the audit process

Free and Independent

External auditing is often called independent auditing as qualified individuals outside the organization being audited do the audit. External auditors represent the interests of third-party stakeholders such as creditors, government agencies, and stockholders.

Internal auditors operate as independent appraisers established within an organization examining and evaluating activities as a service to the organization itself. Internal auditors perform a wide variety of tasks including assessing compliance with legal obligations, assessing operational efficiency, detecting and pursuing fraud and system vulnerabilities. External auditors are distinguished from internal auditors in that they represent outside constituents, while internal auditors represent the interests of the organization. Their efforts are not necessarily exclusive, internal auditors often cooperate and assist external auditors in performing audits achieving efficiency and reducing audit fees. External auditors depend on the independence and competence of internal auditors in relying on their work. Independent internal auditors add value to business processes. Internal auditors often collect evidence throughout the fiscal period that can be used at year end to conduct more-efficient, less-costly external audits.

In auditing and all related matters, auditors must be free from personal and external impairments to their independence. Auditors must be organizationally independent and should maintain an independent attitude and appearance.

Auditors must consider not only if they are independent with their attitudes and beliefs, but also whether there is anything about their situation that might lead others to question their independence. All situations must be considered, as it is essential that auditors consider themselves to be impartial and that knowledgeable third parties consider them to be independent.

For auditors, there are essentially three very general types of impairments to independence: organizational, personal, and external. If any of these impairments affect their ability to do their work and report their findings impartially, the auditors must decline the engagement.

Organizational Impairments

Internal auditors may be affected by their job-placement within the structure of the business entity where they are employed. Auditors must be sufficiently removed from managerial, political, and organizational pressures ensuring that they can conduct their audits independently and report their findings, opinions, recommendations, and conclusions objectively. In the case of external auditors, they may be presumed to be independent of the audited entity if there are no personal, external, or organizational impairments.

External Impairments

There may be factors external to the auditor interfering with an auditor's ability to form objective and independent opinions, recommendations, and conclusions. There may be interference or undo influence that improperly limits or modifies the scope or methodology of an audit.

Personal Impairments

Regrettably, there are circumstances in which auditors may not be impartial or perceived by knowledgeable third parties as being impartial. It is important for an auditing unit to have policies and procedures in place to determine if auditors have any personal impairment affecting their ability to conduct audits. Although the responsibility rests on the shoulders of the individual auditors, audit managers and executives need to be alert for impairments affecting the judgment and performance of their audit staff. Auditors must be responsible for notifying the appropriate official about any personal impairment. Personal impairments include, but are not limited to the following:

• Official, professional, financial, or personal relationships that might cause the auditor to limit the methodology, extent of the audit inquiry, limit disclosure, or minimize or slant the audit findings in any way.

  Experience Note

  An auditor was engaged to perform an audit and, after arriving to conduct his work, discovered the target of the audit was his brother's former commanding officer. This was the same person who had delivered a career-devastating performance appraisal to his brother. The auditor asked to be removed from the audit for personal impairment reasons.

• Preconceived ideas toward the audit or the organization on which the audit is going to be performed; any feelings that the auditor has that could taint audit results require that the auditor is removed from the audit engagement

• Previous responsibility for decision making or management authority that would affect current operations of the entity to be audited is considered biasing

• Personal biases (including business, political, religious, or social convictions) resulting from employment or loyalty to a particular group or organization

• Direct or indirect financial interest in the audited entity

^[1]ISACA's code of ethics may be found at www.isaca.org.