Auditor – A Listener!

I was watching the video on Tom Peter’s site (http://www.tompeters.com/books/little-big-thing/) regarding strategic listening. He mentioned that doctors interrupt the patient’s description of his/her problems within 18 seconds. Just 18 seconds, before a doctor starts formulating an opinion on the diagnosis. It got me thinking, the word auditor has two meanings specified in Oxford dictionary 1) a person authorized to perform an audit and 2) a person who hears; a listener. As auditors, are we listening?

I would say as auditors we are party to the crime of not listening properly and strategically. How much time do we spend in understanding the business strategy and objectives, mission and vision of the business owner/ department which we are auditing? How many of us conduct an informational interview with the teams to understand their business operations and the risks which are perceived by them? Taking a rather negative viewpoint, although would say depicting the real scenario, auditors have an introductory meeting with the business  team and tweak their pre-developed audit program somewhat. An audit is conducted according to  a standard program and checklist, and a report issued accordingly, sometimes the previous one modified apprpriately. I think we should hold ourselves accountable to Albert Guinon’s quote “There are people who, instead of listening to what is being said to them, are already listening to what they are going to say themselves.” Then as auditors, we are surprised that our recommendations are not implemented and the business teams are complaining that the audit has provided no value add.

I searched for data on time spent by auditors on various activities and the percentage of those spent on listening but could not find any. A report on MetricStream (http://www.metricstream.com/) states that 40% of the audit time is spent on documenting work papers and writing reports. The rule of thumb is that 60-70% audit time is spent on execution.   To exemplify my point, I am taking one audit staff’s time distribution for conducting an assignment for a 10 man day period. The ball park figures are depicted in the chart below. Here, of course the assumption is that the meeting time was used to effectively listen. My guess estimate is that if we take 50% of the time as effective listening it would be more realistic. To conclude, on an average one audit staff spends 5% of time listening to the business team. Does this percentage surprise you?

 

 

The nitpicking can be done regarding the figures, however the point remains that auditors are not spending significant time listening to the business owners. To further illustrate the point, the top three aspects which we need to understand from the business owner before even preparing an audit program, are:

1.       Business Strategy, Mission and Vision

What is the business strategy, mission and vision of the organization and the department and how do you plan to achieve it? Was it the same previous year or has it changed, and if so, what are the changes? Do you believe this is the right strategy to adopt or are you planning on changing it?

2.       Organization Culture

Is the organization culture constructive, aggressive, passive or destructive? What emphasis is placed on building an ethical organization culture? What are the un-discussable issues in the organization? Are there any incidents of work place aggression and how have these been dealt with? Is the leadership open to ideas, concepts and discussions with the juniors?

3.       Balance Score Card and Key Performance Indicators

What is your job, how do you perform it, what are the problems you face, what are the risks you perceive and how does your performance get measured?

The question is how much time do we spend on understanding the basic business operations and environment before commencing an audit? The answers to the above questions will facilitate an auditor in understanding the key concerns of the business, the level and focus on implementation of risk management and corporate governance

It is imperative for auditors to understand the business at macro level before focusing on the micro level. Conducting an audit of transactions does not yield the desired results of giving a comprehensive view of business risks and risk mitigation plans, policies and controls. It is the people who are driving the controls environment, so without dealing with them how can we actually create effective risk management culture. So what is the inhibiting factor for auditors for asking the right questions and listening to the right answers. Is it that they fear developing an image of nosey parker or the other extreme, ask no questions and hear no lies?

For effective listening, an auditor needs good communication skills, be attentive and create an environment of trust. In the words of Lee Iacocca, former CEO Chrysler Corporation “I only wish I could find an institute that teaches people how to listen. Business people need to listen at least as much as they need to talk. Too many people fail to realize that real communication goes in both directions.”

Some of my colleagues would say I am being critical. My defense is that as auditors we spend a whole lot of time reporting deficiences in business operations and stating that business owners do not listen to us.  Can auditors be understood when they fail to understand? Should auditors be spending more time listening to the business owners? Should the audit methodologies be changed to incorporate a higher percentage of time spent in discussions?

Welcome your comments on it.

Advertisements

5 comments on “Auditor – A Listener!

  1. This may be true for the people at the Managing level however when it comes for execution, the field staff needs to be in touch with the process owner’s or manager’s.
    Furhter, they need to make a two way communication by way of compiling their views and making them a part of Audit planning, when it comes to selection to audit areas and the inclination required in specific aspects at the time of discussions with internal team. The internal team in turn needs to look after this information and include it in agenda for meeting with the client’s team when deciding the plan.

    In continuance of the above, since the Top Management is more interested in macro level risks the Audit team before preparing a plan needs to map the macro risk with the audit areas identified and provide objectives that can be achieved through an audit at transaction level. (This can be done easily with the help of Risk Register or results of risk assessments)

    Furhter, I think that you are missing one particular area that management and not auditors are updated on a real time basis with the results of CSA (Self Validation or Control Self Assessments or Internal Surveys) Checklists and hence are able to direct the auditor to look into vulnerable areas. The same information may not be always available with Auditors.

    Also, if we talk about KPI’s and we know that promotion, bonus and increments are directly related to achievement of same in great number of organisations, if we listen to them, it may lead to a instances wherein the management is diverting the attention of auditors towards strong business processes wherein leaving the vulnerable aspects with them in hope of KPI achivements.

    • Hi Devendra,

      Thank you for your comments. I agree with you that the execution phase involving field staff has the maximum interaction with the business operations team. My viewpoint is that most of the time is spent in obtaining answers to queries, rather than listening to them. Here I am making a diference between hearing and listening.

      The second aspect, regarding macro level risk identification, we as auditors still need to do a whole lot of work to get a seat at board level and be involved in risk management at strategy fomation level. We are still by and large, involving ourselves after the strategy has been rolled out, hence are not at the CEO radar level.

      Third point, managers not auditors are updated. Very valid and agree with you. Should we as auditors not changing things here and ensuring that we are updated simultaneously, so that we can provide recommendations and solutions to the management on real time basis.

      I think in respect to the KPI point, I would disagree with the explanation. As auditors, we are required to be indpendent. I think a discussion on sensitive topics is required and we should even after obtaining all the information be able to maintain an independent thought process.

      Welcome your thoughts on it and thank you for taking the time out to discuss.

      Kind regards,

      Sonia

  2. Pingback: Communicating to Bore Audience to Death – Come Join the Club. « Sonia Jaspal's RiskBoard

  3. Pingback: Corporate Governance in Private Limited Companies « Sonia Jaspal's RiskBoard

  4. Pingback: Program Change Management Risks « Sonia Jaspal's RiskBoard

Comments are closed.