Recently, the Center for Audit Quality (CAQ) and the Institute of Internal Auditors (IIA) conducted a series of roundtable discussions among internal auditors, external auditors and audit committee chairs. The purpose was to identify major risk management and financial statement audit challenges, and to examine ways these three groups can work together.
Tension Between Auditors
One topic of discussion was how internal and external auditors can work together to create a more productive and efficient external audit process. Participants felt that relationships between internal and external auditors had been damaged by Public Company Accounting Oversight Board (PCAOB) Staff Audit Practice Alert No. 11 — Considerations for Audits of Internal Control Over Financial Reporting.
Participants commented that, as a result of the Alert’s section on “Using the Work of Others,” external auditors are more likely to question the work of internal auditors, particularly in high-risk areas. In addition to straining relationships between internal and external auditors, company management has noted that this situation contributes to “audit fatigue.” In other words, the company’s employees are constantly bombarded by one set of auditors or another, often asking for the same documents.
Realizing That Relationships Are Key
To improve relationships, make the audit process more efficient, and reduce audit fatigue, participants recommended better coordination between external and internal auditors, including:
- Collaborating walkthroughs between the two groups so they don’t have to be done twice,
- Having internal audits use the same templates as external audits, to avoid reformatting, and
- Meeting early in the process to discuss allocating work between internal and external auditors. By agreeing on work to be performed by internal auditors for use in the external audit, and on work the external audit team will do on its own, the groups can improve working relationships and avoid duplication of efforts.
Roundtable participants also discussed how enterprise risk management (ERM) can be introduced at companies where it doesn’t exist, and nurtured at companies that have ERM structures and processes already in place. They discussed how audit committees, tasked with oversight of the internal and external audit functions, can foster communications with internal and external auditors and build effective working relationships that enhance the capabilities of all three groups.
The CAQ and IIA describe these discussions in Intersecting Roles: Fostering Effective Working Relationships Among External Audit, Internal Audit, and the Audit Committee. You can read the report here.
The Bottom Line
It’s critical that everyone be on the same page when it comes to making the audit process go smoothly. So contact your external auditor and discuss it with your audit committee chair. They can help you make the audit process more efficient and meet your risk management objectives.