OVERRATED SIGNOFFs

by | Aug 25, 2023 | Internal Control | 0 comments

What is it that comes to your mind when you hear about a signed off document?

If you hear adjectives such as authenticity, credibility, reliability, infallibility in your head, then you better smack it against a wall. This is because your understanding of the requirement for sign offs could be so naïve that you’re unable to comprehend it’s there because it feels good or gives that complete look!  Or maybe it’s because the subject document had a designated space for a sign off and that’s why there must be one.

Well, whatever the wisdom behind be, it surely allows for enlightenment of the suspecting auditor, provided one is looking to unravel it at the right place. It’s frequently out in the open rather than being buried anywhere so looking at the right place is that important.

So, let’s have a look at the most innovative interpretations of the purpose behind a sign off requirement:

  • The document asks for it.
  • Someone asks for it.
  • I should.
  • Its customary.
  • Better have it.
  • Everyone does it.
  • I do because the one before me did.

The last 2 are my personal favorites.

When the auditor gets to hear any of these, the whole philosophy of internal controls system of that entity unravels right then and there. Where to look for it? Once you’re done reviewing the document and are sure it’s inaccurate, non-compliant or plain fake, simply ask the person(s) who signed it; enlightenment will follow!

Included herein are the e-sign offs too! Later in this space let’s examine how that could be anything from the list above. But let’s first see, what sign offs used to represent and do still represent in entities that emphasize upon the significance of control environment.

Sign offs;

  • Represent the authenticity of a document; that it has been prepared following its due process.
  • Mean that the document is credible; that it’s trustworthy because it has been certified.
  • Make the document reliable; that it could be relied upon for use because it exudes authority.
  • Render the document infallible, that its true for use.
  • Make the document significant for use.
  • Represent evidence of execution of controls designed.

It’s imperative that the requirement for signoffs should be based on these principles and objectives. Once you take these out, the spirit is lost and what’s left is a façade ….. and that’s what an overrated signoff looks like. It can only offer an illusion of a control, nothing else. Luckily however the reason behind this illusion is not elusive.

The distinct signs of how a signoff becomes an illusion of a control are:

  1. The signatories don’t understand what they are certifying while signing off.
  2. The signatories don’t know which part of the contents on the document concerns them.
  3. The signatories are unaware of the process through which the document is generated.
  4. The signatories have signed off because there was a designated space on the document.
  5. The signatories have signed off because each one of them knows the other will also sign.
  6. The signatories have signed off because the other person has also signed.
  7. The signatories signoff because a procedure desires them to sign.
  8. The formal specimen signature of the signatories doesn’t exist.

These are revealed once the auditors have substantively verified the records and the process trail around the signed document and corroborated the findings. And once revealed, controls like review, authorization and approval are rendered ineffective. Similarly in e-signoffs when a reviewer, authorizing or an approving officer shares his login credentials with another person, without formal delegation of what is being delegated, the e-signoffs become irrelevant.

The auditors are then constrained to obtain assurance from other sources and audit procedures as the document no longer holds sway. But that’s not just it. The signing official’s work approach thus revealed, gives insight on this person’s understanding of the internal controls because that would be reflected in all other tasks he’s assigned to control.

Audit queries when responded like, I did not check that bit, I never knew I was required to check that, I trusted the preparer or that the other reviewer will check, spell disaster when these come from an executive. The whole control environment of the entity is laid bare just then and there as it hardly remains an isolated phenomenon; it’s present in the whole control philosophy of the entity.

With a control environment like this, the state of systems underneath for risk assessment, control activities and monitoring activities is certainly not hard to guess. The overrated signoffs lead to an overrated control environment for that particular entity.

 

The auditors may then continue their engagement with such an entity, for their commercial benefit only.

However, the entity won’t benefit from the audit efforts unless of course they also need the auditors for a …… signoff!!!

Post Views: 16
 

Submit a Comment

Your email address will not be published. Required fields are marked *