How to Disagree with Auditors: An Auditor’s Guide

Auditors are required to tell management when control failures are exposing them to risk. Still, many managers at some point disagree with their auditor's assessment. Can companies make auditors revise their assessment? And if not, what's the best way to find common ground in those disparate views?

In short, getting an auditor to revise an assessment does not require a "strategy," just facts. An auditor’s function is to provide an independent and objective opinion on the activity, project, subject, etc, that’s "under review." If you can provide facts that support your viewpoint, the auditors should adjust their opinion. If you can’t provide the facts, you cannot expect the auditors to change the report.

Disagreements are generally painful—awkward at best, disastrous at worst. Thus, you should have two goals whenever you disagree with your auditor: (1) resolving the disagreement, and (2) figuring out how to prevent disagreements in future audit cycles.

Most issues fall into one of two categories:

  1. The auditor's assessment is wrong, in which case you should start gathering the facts and arguments that will sway the auditor to your point of view
  2. The auditor's assessment is basically accurate, but you don't agree it’s a problem or you don’t want the problem to appear on a report. In reality, this is the more common type of manager/auditor disagreement. Unfortunately, it tends to spark less productive discussions, since it challenges auditor judgment, not findings. A successful strategy for swaying auditor opinion should focus on the report tone, item significance and recommended action plan.

Years ago, a colleague learned the distinction of these two categories from a managerial auditee. The manager started a review meeting of a draft audit with a statement that said, essentially, "I accept that we screwed up and that we need to fix some problems. Here is my action plan and our progress to date. Can anything be done to make the final audit report sound less harsh?" A very productive discussion between auditors and the manager ensued. Ultimately, the auditors revised the draft statement so that it was less damaging to the manager’s department. And the auditors and manager had a much better relationship in future audits.

Sometimes management disagrees not with facts, but with the auditor’s interpretation of the significance of the situation. In other words, a manager is less concerned with the facts than the "rating." What happens if the auditor and manager cannot come to an agreement? In such (hopefully rare) situations, the audit committee has ultimate authority: both the manager and the auditor should present their views to the audit committee, which will recommend an action or finding with input from the governance oversight committee.

Obviously, however, preventing a disagreement is more desirable than resolving a conflict that has already generated tension and even ill will between the disputants. To reduce the potential of audit-related conflict, management must be involved early and often with each audit—not just at the reporting stage. In fact, the earlier and more involved management is, the better and more relevant the final audit is likely to be.

During audit planning, management should discuss with auditors the audit scope, purpose, objectives, approach, and proposed evaluation criteria. During audit testing, management should understand what the audit team is doing; for example, what audit tests are being performed and generally what the test results are. Finally, during audit reporting, management should find out early (during the audit debriefing meeting) what the main issues are and what the key recommendations will be—prior to the actual writing of the audit report. Management should raise its concerns early, before the report is set in stone and while discussion can still help to clarify arguable matters.

For its part, the audit team should establish an open and transparent audit process, from start to finish, that allows managers to better understand and fully participate in the audit process. This way, when disagreements do occur (and they will) the "discussions" will be productive, and the facts will "speak for themselves."

About the Author

Dan Swanson, CIA, CMA, CISA, CISSP, CAP, is president and CEO, Dan Swanson and Associates. He is a 26-year internal audit veteran, who most recently was director of professional practices at the Institute of Internal Auditors (IIA). Prior to his work with the IIA, Swanson was an independent management consultant for more than 10 years. He has completed audit projects for more than 30 different organizations, spending almost 10 years in government auditing, at the federal, provincial, and municipal levels, and the rest in the private sector, mainly in the financial services, transportation, and health sectors.

This article originally appeared at itcinstitute.com. Copyright 2008, 1105 Media Inc. Reprinted with permission.


Comment on this article

You must be logged in to leave a reply. Login »