Primary navigation:

QFINANCE Quick Links
QFINANCE Topics
QFINANCE Reference
Add the QFINANCE search widget to your website

Home > Auditing Best Practice > Auditor Sensitivity to Source Reliability

Auditing Best Practice

Auditor Sensitivity to Source Reliability

by Denise Cicchella and Stuart Gardner

Executive Summary

  • The importance of understanding the source of information and the reliability of that source.

  • The challenges and constraints auditors face in current environments.

  • The importance of kinesics-based techniques, neurolingusitics, and professional skepticism.

  • The role of management in ensuring that audit staff and other resources have the skills necessary to assess reliability of information.

  • The importance of techniques necessary to select and interview “experts.”

Introduction

The auditor is always playing catch-up. Both external and internal auditors have to review the work of people who do the same job day-in, day-out and who, if competent, are usually intimately familiar with the processes, systems, and information that are under their control. Looking at the transactions on a historical basis further hampers the certified public accountant, chartered accountant, or other audit professional. These difficulties have been overcome by structured professional training, on-the-job training, and thorough review of audit work.

Auditors face numerous challenges in assessing the evidence behind the statements which they are auditing:

  • a constantly evolving landscape of technology that feeds service delivery, distribution, resource management, reporting, decision-making, and a host of other systems;

  • regulatory environments that change rapidly and are rarely consistent from jurisdiction to jurisdiction;

  • expanded reporting requirements (e.g. corporate social responsibility statements);

  • complex new financial products whose risks may not be completely understood;

  • assessing the work of nonfinancial staff, who often have an asymmetric advantage in their area of expertise.

What do these challenges have in common? Much of the risk from these areas stems from change, lack of experience, and the unknown. What else do these challenges have in common? Most will result from companywide projects and programs. The project that addresses a new regulatory requirement, product, system, service, or building, places organizations at substantial risk. Key vendors supporting change often possess greater knowledge and experience than internal staff, further increasing the risk of fraud or substandard delivery. Many projects are delivered late, fail to meet expectations, and exceed budget. Such projects need to be included within the audit universe of internal audit. High-risk projects must be audited. External audit, equally, must consider any project that impacts their client as a “going concern.”

Project audits provide an opportunity to ensure that appropriate governance is in place to report progress to senior management, ensure effective control of change, and provide quality assurance that, if absent, may well lead to adverse or even disastrous results. An audit of a project should also include an assessment of future audit trails for new products, services, and systems. This should be performed before completion of the project, when any changes or reengineering cost are likely to be far higher. It is at this stage that audit can most readily address the systemic reliability of evidence issues.

A fundamental skill is the ability to quickly assess the reliability of both people and information while applying appropriate “professional skepticism.” This chapter will explore the use, evaluation, and assessment of information—how auditors should consider reliability, and the red flags to consider when evaluating information sources in the context of a project audit.

The Institute of Internal Auditors (IIA) states: “Internal auditors must identify sufficient, reliable, relevant, and useful information to achieve the engagement’s objectives” (Standard 2310). The Institute further clarifies this to mean: “Sufficient information is factual, adequate, and convincing so that a prudent, informed person would reach the same conclusions as the auditor. Reliable information is the best attainable information through the use of appropriate engagement techniques. Relevant information supports engagement observations and recommendations and is consistent with the objectives for the engagement. Useful information helps the organization meet its goals.”

It is often the case that the information obtained or given to an auditor is subject to interpretation. This is particularly true of project audits, where information may be presented as optimistically as possible to present the best possible case rather than the most realistic. There is often external “noise” that may cloud project reporting as various stakeholders interpret results to meet their own agendas, which may or may not be aligned with the goals of the project. Auditors are faced with constraints that may tempt them to jump to conclusions or misinterpret information—or simply to “go with the flow.” Audit management should work toward eliminating or mitigating these constraints through a proper structured review of projects and supervision of assignments. Some of the constraints faced by auditors are:

  • the time assigned to perform project audits;

  • understanding of project processes as written and as practiced, which are often not the same;

  • full comprehension of the subject matter being audited—products, lines of business, business constraints, system functions, etc.;

  • acceptance of issues with client management, who sometimes force issues to be negotiated for “softer” wording;

  • access or ability to get messages fully communicated to an audit committee or senior management with possibly limited time before a project becomes operational (the audit committee may read only the first few lines of an audit report and will not take the time to read all the evidence supporting an opinion).

Back to Table of contents

Further reading

Books:

  • Bandler, Richard, and John Grinder. Trance-formations: Neuro-Linguistic Programming and the Structure of Hypnosis. Moab, UT: Real People Press, 1981.
  • Walters, Stan B. Principles of Kinesic Interview and Interrogation. 2nd ed. Boca Raton, FL: CRC Press, 2003.

Standards:

  • Institute of Internal Auditing (IIA). “ International standards for the professional practice of internal auditing.” Online at: tinyurl.com/7xg5rlw
  • International Federation of Accountants (IFAC). “International Standard on Auditing 500: Audit evidence.” Online at: tinyurl.com/6qph7p2

Website:

  • International Federation of Accountants (IFAC): www.ifac.org

Back to top

Share this page

  • Facebook
  • Twitter
  • LinkedIn
  • Bookmark and Share