Doesn’t it sound divisive? Sector specific auditors? Aren’t the auditors required to be auditors only? Good at what they do, audit? No, it doesn’t? And why not? Well let’s not be opinionated from the outset. Though I would insist, why the insistence?
Divisive it sounds because this way auditors good in a particular industrial or business sector might not be good or even relevant for others. Divisive it feels because audit is not meant to be an experience specific to each sector it serves, it is meant to be an experience of its own kind!
The type of other people who come close are the finance professionals. Is it good to have finance professionals relevant to each industrial or business sector? Well, it is, and it might not be. It is because they’re responsible for the operations, being part of the operational and executive management and the risk management and control functions too, so it’s good if they are business relevant.
But they might not be as good as having a well-rounded finance professional having experiences in their own niches. For instance, finance professionals have specific expertise in budgeting and control, working capital management, investment / portfolio management, accounting, taxation, etc. irrespective of the industry they work in are good for what they have knack in for any sector they serve.
What about external auditors? Are the ones responsible for reviewing and issuing an opinion over the truthfulness and fairness of historical financial information also required to have relevant sectoral experience? So that we have specific external auditors serving specific sectors?
Though they might benefit from analyzing and comparing financial information of their audit client with others in the industry, to identify how well the company is performing as part of the sector it is serving but having this as a precondition of having specific external auditors and not others is a ridiculously absurd idea!
That’s because, firstly, the financial information is usually publicly available or can be easily procured. Secondly, the external audit scope is standard, non-evolving and thus extremely limited. Their scope is financial information and the accounting system! One could hardly come across external audit firms to have teams specific for each sector!
In my experience, I have come across external audit teams for financial services (banking, NBFCs, etc.) distinct from other external audit teams, but that’s all. And it seemed imperative to have this distinction because of the regulation and governance over the financial services sector.
Apart from the seemingly plausible ‘genuine’ demands for sector relevant external auditors, seeking them for each distinct industrial sector serves no beneficial purpose either. This is because external auditors, even after having an evolved scope, courtesy ever changing ISAs (International Standards on Auditing), are still only responsible to give opinions over compliances for which the managements are fully responsible.
Furthermore, external auditors, even after having reviewed/tested all materially significant transactions as part of their audit procedures still seek out resolutions from owners about these, so what’s in it that an external auditor not having relevant sectoral experience cannot do? Standard approaches and procedures do need to be specifically applied but it doesn’t mean these need to be applied or can only be applied by specific people.
In fact, the opposite is true when it comes to assessing the usefulness of relevant sector external auditors. External auditors having broad-based industrial experience not confined to any particular sector(s) are more likely to perform an adequate audit engagement which is self-assuring to them and their audit opinion will be more appropriate and beneficial for the users of financial statements to make well informed decisions.
This is because external auditors having broader industry experience can actually help analyze and compare any particular entity’s key financial performance metrics like revenue, margins, profitability, etc. amongst not just its competitors, but the overall industry and economy. Financial results of sellers and customers in a value chain could be related, even at time leading to reconciliation / confirmation of balances like receivables and payables!
As a result, such external auditors are in a position to offer a good deal of advice for improvement in their specific domains like accounting control systems, accounting treatments and accounting policies, etc. Such advisory is available if the external auditors are willing to offer it and if their clients are eager to listen to it! Because as such they aren’t required to advise.
Let’s now check how the sectoral experience requirement is an even greater absurd idea to even think of in the context of internal auditors.
Internal Auditors are meant to have expertise in Governance, Risk Management and Internal Controls and have skills in analysis, be tech savvy, be always professionally updated and have another especially important skill! Let’s cover that in a while.
Are the principles of governance, the frameworks for risk management and purposes for internal controls entity or sector specific? Had it been so, we would have different codes of corporate governance for each industrial sector, distinct risk management frameworks for each specific business sector and unique purposes for internal controls.
- Every entity in any business sector needs governance, which is how it is directed and controlled.
- Every entity in any business sector needs risk management, which is how it identifies, assesses, evaluates, mitigates and monitors risks confronting its objectives.
- Every entity in any business sector needs internal controls, which help it mitigate risks so that objectives can be fulfilled.
In fact, it’s about the diverse application of these principles, frameworks and requirements that’s made possible by their wholesome, comprehensive and broad-based approach relevant for every entity either in a mandatory capacity or as a best practices adherence approach. These are not meant to be entity specific or micromanage the affairs of any particular entity.
Any entity is required to adopt the Governance principles, Risk Management frameworks and Internal Controls purposes to suit its needs. Such adaptation is in the form of varying magnitude (scale and size) of governance required, complexity of the risk management framework and internal control thresholds determined by entity specific costs benefit analysis of employing controls to combat risks.
So how come people running an entity’s sustainability and growth support (evaluation and improvement) systems could be sector specific? These people, known as internal auditors, ought to have a diverse exposure to be able to make entity specific advisory on governance, risk management and internal controls.
The adaptations are perfected by having both sound conceptual and theoretical knowledge and broad practical application expertise. Having a broader industry understanding and knowledge and experience of application across diverse business sectors makes it possible for the internal auditors not just to find the best fit for the entities they serve but also to offer fully customized solutions.
This cannot be expected from internal auditors having sector specific experiences, since their exposure and experience would be limited to only a fraction of the industry and they will not be able to relate, co-relate, make comparisons, analyze and identify the best possible advisory for clients they serve.
Moreover, sector specific internal auditors cost more than broad-based internal auditors. This is not because of the direct / upfront costs of their compensation. This is because of the lack of depth and breadth of their experience and exposure due to which the entities remain glued to solutions from their own business sector only, even leading to hiring external expertise for certain advisory engagements for instance, when looking to diversify the business.
Finally, the Internal Audit approach for developing an entity specific internal audit strategy and plan mandatorily (as guided by Global Internal Audit Standards) requires an understanding of the entity’s Governance, Risk Management and Control systems. This follows on from acquiring understanding the entity’s business, industry, operating environment and business objectives. Such a customization is a precursor for beginning to offer internal audit services.
And now for the particularly important skill that entities should look for in their internal audit teams. Its business acumen. And it is developed when internal auditors are given a seat at the table where brainstorming and decision making relevant to business strategy and direction is held. Internal auditors are required to advise businesses right from that point onwards or leading to that level!
So next time, when looking to recruit internal audit talent don’t ask or look for sector relevant experience, instead look for or assess the value addition to businesses they served, their accomplishments, ethical issues they navigated, breadth and depth of experience and exposure being offered and their commitment to the internal audit profession. And when looking to diversify, make sure an internal auditor having broad-based exposure is seated right next to you!
Insisting on sector specific internal auditors is hardly robbing the internal auditors’ opportunities to work in sectors other than they’ve experience in! It’s actually robbing the sectors, the businesses and the economy for the value a qualified internal audit professional could add.
It’s for the operational managers to micromanage / manage according to entity or sector specifics, not the auditors!
By seeking sector specific internal audit talent, you don’t keep us wanting, you keep yourselves deprived! You’re looking to fly in every possible direction, why clip your wings?