Are you among those internal auditors who have always had the not-so-amusing pleasure of being asked about the materiality of every second or third audit finding you reported? Well, if that’s true, chances are you’re not alone, and this piece is intended to make you feel at peace!
First things first, though: if it’s your client’s (or employer’s) owner asking, it’s most likely you who must introspect, by looking at your risk universe, the audit universe and the aligned audit planning, and making amends where indicated. But if it’s the executive management’s typical response, then all you need is a pause!
No, certainly not, I’m not giving professional advice here; it’s still you who must decide how to navigate a situation in which reported findings do not get the response they rightfully deserve, and it’s you who must ascertain the facts behind not garnering the desired response. In my words here, you’ll find a reason to be relieved and find that inner peace.
Well, you need to understand, plain and simple: management that’s not the owner is on the payroll. And when management is on the payroll, it presents some entirely unique challenges for the auditors (more enlightenment on that in another dedicated blog piece). You see, they’re the ones whose stewardship is being examined after all! And yes, it’s also about their performance targets... how could they let that definite bonus get a squeeze all because of an audit finding?
So, it’s natural that they take refuge in a “Not a Big Deal” approach to audit findings. Agreed, not all findings coming out of an exercise that was diligently planned, and is part of a risk-based audit plan duly approved by the body overseeing the audit function, are significant enough to warrant a serious response from management, but then:
- They should be content with the ratings auditors assign for those findings objectively in accordance with the approved ratings mechanism and
- They should understand that some findings, specifically those that highlight willful non-compliance or even violations of policy or procedural requirements, might not rank high enough on account of their financial impact but nonetheless represent a significant nuisance value and
- Materiality becomes irrelevant when the findings unearth red flags like frauds, falsification or fabrication of records, code of conduct violations, etc. because no matter how insignificant their financial implications are, these are inherently significant and pose substantial risk to the control environment.
But guess what? Sometimes managements are accustomed to learning it the hard way!
They would be so focused on getting an audit report’s ratings dampened enough to call it satisfactory that they would sacrifice the bigger picture, and their lack of adequate foresight on that part ends up getting the best of them. I’ve been a witness to this behavior, unfortunately, and to how it ultimately pans out, when nothing that could fit in place is left to salvage.
It starts with “okay, you’ve found stuff that we’re already working on” and “do you think it has a material impact?” and moves on to all-out efforts to discredit the audit finding, ensuring that their stewardship is not lost sight of in front of those charged with governance.
Consider an example of a person who was found to have falsified certain records to make a good score on a few of his performance targets. The auditor entrusted with the task of reviewing those records identified the falsification and the underlying patterns, fully exposing these. The management, on the other hand, was focused on assessing the material significance of the impact of this falsification, knowing full well that the employee code of conduct was violated. As a result, the employee was rewarded with the score he “earned”. Next up, the same employee falsified records that were required to be communicated to an external regulator, in compliance with requirements. That’s when the management realized that something needed to be done about him, though by then the Company had already earned a reputation within the industry.
Since auditors aren’t regulators, wrongdoings identified by them do not always get the same consideration, or certainly not when the time is right. BUT THEN... those charged with governance should also introspect rather than looking to scapegoat auditors! Early symptoms of disease were communicated to them but instead, in their fondness for materiality, they chose to have the lump morph into a malignant tumor.
Let’s now talk about finding ways to fix it:
- Auditors need to fine-tune their report rating mechanisms to assign distinct significance to control-environment-related issues where financial materiality is N/A.
- Board Audit Committees or those charged with governance should educate themselves, understand threats to the control environment, and give a shut-up call to management when one’s due.
- Managements need to understand that control-environment-related findings pertain to the ethics and integrity of their workforce, and these are instances where time for action is of utmost importance, rather than materiality.
- Finally, Boards and Management need to have a detailed deep-dive session on what internal controls are and why frameworks for these are so important!
Maybe these could help talk some sense into Corporate Governance champs!