Apropos of nothing in particular…
I have no expert knowledge of auditing, as this piece will show. I have a 30 year old accounting degree, gained mostly as an escape route from a YTS scheme in an accounting firm. I did that YTS job, for £35 a week, plus a day release AAT course, for about two years. My work was charged to clients at £50 an hour, as I recall, but that’s by the by.
During this time, I was often involved in audits. We were a small firm of chartered accountants, so our clients were not huge corporates. They were small to medium textiles firms, manufacturers, shops, wholesalers and one slaughterhouse. It was in the days before desktop computers, where print outs would be taken from mainframes in some computer room, on dot matrix printers. Ledgers were generally hand written and trial balances long, folded bits of paper inserted into cardboard files.
To do an audit of a business of any real size, you have to insert yourself into their offices for while. My YTS years, back in the early 1990s, was a time when smoking was legal, so finance offices were frequently smoke-filled hell holes, peopled by battle-axe secretaries and bookkeepers and sharp suited accountants who most certainly did not want you there.
To do an audit properly, what you need to do is ascertain that there is an audit trail in place, in which there can be confidence. This means that any transaction – sale or purchase – can be traced from one end of the ledger process to the other. So if you start with, say, the purchase order for an item, you might check first, is it signed off? Then does it go on to be ordered from the supplier? Is there an invoice, a receipt, an entry into a goods inward ledger? Does that invoice and ledger still have the same PO number, the same value, state the same item? Does the purchase show up in the bank account or, if not, is it recorded as a debt payable in liabilities? Similarly for sales, can you track an initial order through dispatch, courier and payment at the other end?
So far, so much good audit practice.
The reality is that often this is a tedious, horrible, frustrating, head-desking-to-brain-hemorrhage-level task which is assigned to the most junior suckers on the team, including the YTS kids. Now of course, you don’t need to trace *every* transaction – that would be impossible. So what you do is you take a random sample, from each end of every audit trail – whether you can trace back the other way, eg from the bank account to an initial purchase order, is also critical. In an ideal world, and perfectly run company, the task would be tedious and repetitive but simple: you’d tick off each stage of the audit trail as you find it, photocopy receipts, purchase orders and the like, then hand back your work to the head of the audit team who can use it to help declare the audit was all grand.
The reality of many companies is that they are not well run. You pick an item from the purchase ledger, find a purchase order (only it’s not signed off because it was urgent and the boss was on the golf course or in a bad mood or…at this point the dragon of a clerk will scowl, take a long drag on her foul smelling cigarette and shoot you a who are you to dare ask why? No one ever bothers signing off those things, for Christ sake glare). Slinking back to your desk – stuck in a corner, facing a stained wall, between a pot plant and the water cooler – you carry on and find the order to the supplier, and an entry on the goods inward ledger. But there is no invoice. You then have to go back to the dragon and ask why not. With much huffing and swearing, she will go off and rifle around drawers and filing cabinets, then shout at someone else who will have to go and disturb the bad moody finance manager who is pissed to hell to be disturbed. Eventually, you might be handed some tattered yellow piece of paper that’s illegible, ripped, blood covered (if it’s a butcher shop or slaughterhouse). Or you might not. It might simply become a cross where a tick should be on your audit sheet.
The boss’s plan for your audit team is that you’ll be in the client’s premises for a week. Now bear in mind, you’re a seventeen year old YTS kid on £35 a week, or perhaps a junior audit assistant on an internship. You want out that hell hole as much as its staff want you out. Every random item you’re tracing through and can’t find, you have to approach those smoking battle-axes and arrogant finance managers. If you return at the end of the week with a sheet full of crosses, the boss is going to whack you over the head with the audit file: that would feel like failure.
So after a few such random picks, what do you do? Well you start checking that the ‘random’ item you’re picking has an entry at the other end of the ledger. If it doesn’t, you ‘randomly’ drop it and pick another one that does. If you realise half way through tracing it something terrible has happened, like there’s an unexpected item on the receipt sheet that isn’t recorded anywhere else so you can’t photocopy it, you ‘randomly’ bin it and pick again. Anything to avoid facing the dragons again and get out of there by Friday.
So far, so much less good audit practice.
The staff of a client organisation, and the attitudes and integrity of senior staff of the audit firm, are absolutely critical to an audit being carried out well. In many ways, from my tiny and lowly experience, organisational attitudes are more important than the books themselves – in fact, they will underpin how good the books are.
Good managers of well run organisations want their books to be perfect. They want staff who know where everything is and can lay their hands on anything a YTS kid doesn’t instantly find –oh yeah, that’s the MOD contract – that’ll be in this other file locked in a cabinet – sorry, should have told you. In a well run organisation, an auditor picking up on an issue that could point to fraud or error might be welcomed.
If, on the other hand, you have an organisation which is being corruptly run, one where those in charge don’t want the books to be seen, one where transactions are deliberately being hidden, that culture will filter down to those in accounts offices who, themselves, don’t have sight of the full audit trails. Those staff cannot help auditors, and may become defensive and hostile as a result. Their bosses are likely to be as bullying and unapproachable as they are. In an organisation like that, junior staff – both auditors and the organisation’s own – are powerless. For a young junior, you need a lot of confidence to keep on challenging hostile people, or to approach your audit manager and say, ‘I think there’s a systemic problem here: it’s not just me lacking confidence to ask for information or not being able to do the job’. You then need to have audit team leaders who can go to their bosses and do the same, and senior bosses who care enough to do something about it.
Now combine a powerful organisation with huge budgets, run in a corrupt way, with deliberate malfeasance, fraud and bullying on the part of their most senior people, with senior auditors who are complicit, happy to turn a blind eye? Or, even in the best cases, auditors who are simply busy, want the audit over in the planned timescale and budget (bear in mind the client is being charged). And it becomes easy to see how large, top management, failings in an organisation could be missed, perhaps even for years. How that confidence in the audit trail might be misplaced.
With companies such as Enron, one issue was that they were prized clients. Consider here too that – especially with the big 6 accountancy firms – audit is not their only or most lucrative source of income. The corporates (and perhaps even parties of government) they audit are a huge source of consultancy work, tax work, and government contracts. A senior auditor would not, then, be thanked for trying to tell higher up management there’s an issue with their prized client who brings in millions. The tendency is to believe, especially with huge, successful companies, there can’t possibly be any serious issue, certainly not on an Enron scale. But if there is an issue at the top, the client – whose most senior people hold the check book – is not exactly going to be enthused about being billed while you sit in their office trying to find it.
This, ultimately, is the problem with relying on audits as proof of a clean bill of health. For a well run company, an audit can be an excellent tool to pick up issues or fraud. For a poorly run one, where the most senior people are involved in fraud, it becomes far harder for an auditor to do much more than express concerns. And clients don’t tend to like that either, when they’re paying.
The importance of paying auditors to scrutinise your books and express those concerns only really becomes obvious once they’ve walked away. No well run company or organisation would allow that to happen because of junior staff not doing their job properly. That happens only because the most senior staff are evading their responsibilities.