Like many finance professionals, I began my career in audit. Here are five things that I learned from auditing and still use many years later.
How to understand an organisation’s finances, quickly
I learnt formally about “financial analysis” in the second year of study, but I had already learned a lot of it from auditing. As an auditor, you have to go into an organisation and quickly understand their financial performance, position and risks. You need to be able to put the numbers that you see in front of you in the context of what you understand about the sector and the specific challenges of that organisation. Auditors review management accounts so get to understand how the decision makers in the company view the numbers. (Spoiler alert- it rarely bears any resemblance to the statutory accounts).
How to assess internal controls (and identify useless ones)
If you’re doing audit properly, you do a lot of work on the organisation’s internal controls. It forms a key part of the planning process. You rely on the organisation’s internal controls where possible – once you have assessed and tested them, of course.
I’ve written more here about assessing internal controls. I learned the vast majority of this from auditing, from comparing different procedures I’d seen at different clients. This taught me that you can have completely different processes and still achieve the same control objective. I also learned that you can have a lot of noisy activity that looks like control but is useless.
From an audit perspective you’re only really interested in controls that might impact on the numbers in the financial statements. It’s important to remember when you get into the real world that the company has other goals beyond accurate financial reporting. (Yes, I know, this came as a massive shock to me). However, the approach to internal controls that you apply to financial records applies equally well to any other type of business process.
Professional scepticism
The International Auditing and Assurance Standards Board (IAASB) defines professional scepticism as:
“an attitude that includes a questioning mind, being alert to conditions which may indicate possible misstatement due to error or fraud, and a critical assessment of audit evidence”.
While these concepts are specific to audit (and the audit profession is constantly criticsed for not being sceptical enough), these also translate well to any review of numbers or business processes that you carry out internally.
I always want to know the source of information and how robust it is. I’m constantly asking annoying questions like “how do you know they apply this procedure constantly?” or “What’s to stop you making up the numbers?”
As I’ve got older I’ve learned more tactful ways of asking these questions but I still need the answers.
Whereas I find that colleagues from a non-audit background are more likely to take controls at face value, and they certainly don’t feel confident challenging the lack of them, particularly at senior level. I always remind them that the most successful frauds are committed by finance staff, usually senior ones.
How (not) to prepare year end accounts
Unlike many auditors, I didn’t have to prepare statutory accounts while I was an auditor. However, seeing how lots of other organisations did it gave me a really strong insight into the good, the bad and the ugly approaches to this annual task.
I’ve written about this more in a blog post about preparing a robust year end accounts model, and also in this post about having a smooth year end process.
How to get to the point
“Your responses to the audit tests are too long. I have to read and review everything that you say, so more bullet points and less undergraduate essay, please”.
One of the most useful pieces of feedback I’ve ever received.
If you want a quarterly newsletter summarising latest developments in Excel and other things I've found interesting or useful, please sign up here. I won't use your data for anything else.