The client/auditor relationship is unique and strange. Basically, your organization is paying someone to look at your highly confidential information (e.g. financials, systems, processes, and controls) to provide an opinion on that information. I’m sure you’re already aware, but the opinion is not meant for the client, but rather for the readers of the audit report.
Stranger yet, the opinion may not be favorable (e.g. qualified opinion) to the client. Yet, the client still has to pay for the audit. Furthermore, due to regulations or contract requirements, your organization may be required to hire an auditor. Bizarre, right?! Nevertheless, the auditor relationship is probably one of the most important your organization has. So, choosing a quality auditor is of key importance.
What are the Qualities of a Good Auditor?
I understand the importance of selecting a quality vendor! For a period in my career, I ran a large IT Project Management Office. My team was responsible for identifying and selecting vendors for large and small system implementations. Vendor selection was not easy and was often time-intensive. Understanding vendors have a huge impact on the success of your organization’s goals, objectives, and culture makes the decision so much more difficult. You want to get it right!
Getting it right is difficult. This is why consultants and software solutions exist to help with the vendor management process. As an example, look at ServiceNow and its Vendor Performance Management solution or the various consulting services McKinsey provides. Some companies have whole departments to manage vendors. Additionally, organizations like the American Institute for Certified Accountants (AICPA) and Gartner provide their own guidance on vendor selection and management.
Not every organization has the time, resources, or processes to get a software solution, hire a consultant, or implement a formal process. Sometimes you just need a vendor, and you need it now.
This article is not all-inclusive and will not touch on every point or aspect of vendor selection. Rather, I will provide you with the following items to consider when selecting an auditor:
- Identifying organizational requirements and business needs
- Auditor qualifications and experience
- The people and the relationship
- Fees and value
What Is a Qualified Auditor?
Finding a qualified auditor is a “no brainer” but it is very important and worth stressing. When selecting an auditor, the auditor should have the qualifications to perform the audit. Two key requirements when determining whether an auditor is qualified are:
- Auditors must be a licensed CPA firm and
- Be independent
CPA licensure is a requirement. Not just anyone can provide an audit, as discussed in this article: “Who can perform a SOC audit.” If you’re looking for a licensed CPA or wanting to verify a CPA’s license you can easily search the CPA Verify Tool that both the AICPA and National Association of State Boards of Accountancy (NASBA) link to.
Auditor independence is another requirement. I know it’s an oversimplification, but auditor independence is the idea that auditors and their clients are separate from one another. Auditor independence is important as it provides report users comfort that the auditor was able to objectively assess the client’s information and truthfully report on the information presented. The AICPA provides a “Plain English Guide to Independence” if you’re looking for more detailed information.
What Is the Client/Auditor Partnership?
In my experience, another key component to having a successful vendor relationship is the vendor/client partnership. When a vendor and client partner together the objectives and goals of both organizations are met. Creating a partnership is hard work, develops over time, and is based on trust.
What Exactly Does an Auditor Do?
An auditor/client partnership can be very powerful. By the nature of an audit, auditors see many aspects of the organization. Including, but not limited to, processes and controls, financial transactions, organizational strategy, and culture. A qualified and experienced auditor can bring invaluable insight to existing challenges. Furthermore, auditors can provide examples of best practices or share how other organizations resolve similar challenges.
You may not know this but as auditors we want our clients to be successful. Of course, that doesn’t mean we dismiss our integrity. We will perform audits in accordance with professional requirements to provide an independent, factual, and objective audit report. As you can imagine, the client/auditor relationship is a fine line that must be managed. Auditors must remain independent and objective. Auditors can provide insight, but management is responsible for making decisions and implementing change.
How Do You Choose an Audit Team?
A consistent, professional, experienced, and friendly audit team pays dividends through the creation of audit efficiencies. All of which stemming from established relationships, improved auditor insight, and trust.
Having a consistent audit team allows for established personal relationships that don’t have to be recreated. Additionally, the auditor has experience with the client environment and knows what to expect. Not having to recreate relationships or retrain a new auditor on the environment saves time for both the client and auditor. Auditors who are familiar with the client’s environment are aware of the nuances and know what to ask for and what is needed for audit evidence. Reducing the burden on both the client and auditor.
Professional and experienced auditors are invaluable. Experienced auditors have seen many different types of environments. Clients approach similar challenges in different ways. This experience provides invaluable insight when providing clients with suggestions or guidance to client challenges. Furthermore, experienced auditors typically don’t audit by checklist, but rather by risk and objective. Whereas newer or less experienced auditors are still learning the ropes and start from a checklist mentality.
A personal aspect that you must also be aware of and pay attention to is….Can you get along with your auditor(s)? You may have found a qualified and experienced auditor. But if you can’t get along with the auditor, the partnership is doomed. Of course, relationships are subjective and differ between individuals. What is important is to find an auditor who works well with you and your team.
What Does an Audit Cost?
I am a huge proponent of value. Any audit performed should have value and should be more than just getting an audit report. Have a read of my previous article SOC Benefits: Beyond the Value of SOC Compliance for Audits for more detail and additional insights.
Whatever your audit fees are, be sure to get the value you deserve. Value can vary and depend on your organization’s objectives. Perhaps your organization needs an auditor “yesterday.” Then, you may not care how much your audit fees are. In such instances, having an auditor who can address your immediate needs is valuable. On the other hand, perhaps you are a startup where cash is managed tightly and strictly and you need the cheapest audit possible. There too is value in such instances.
My suggestion, assuming you have time, is to find a middle ground. Beware of the cheapest audits and the most expensive. Often the cheapest audits put a huge burden on clients to provide and gather all the evidence and audit by checklist. Furthermore, such audits typically, don’t come with or provide audit insights.
On the other hand, the most expensive audits, often, are done by large audit firms where you are paying for the “brand.” Unless you need the “brand” you have many options. Let’s be clear, there is nothing wrong with going with the cheapest or most expensive, so long as your organization sees the value. The middle-of-the-road approach typically means you get quality, professional, experienced auditors who partner with you and your organization. For additional information, check out our blog “How Much Does a SOC Audit Cost?”
The client/auditor vendor relationship is one of the most important your organization will ever have. The impact an auditor has on your organization is great. It is important to select the “right” auditor for you. I discussed several items for you to consider when selecting an auditor. At a minimum, finding a qualified auditor is a must. The remaining items are subjective in nature and will vary between individuals. However, finding an auditor who will partner with you and your organization is invaluable.
If you would like to learn more, check out our blog, or if you are interested in engaging our services for your upcoming audit, please feel free to contact me and the team of audit professionals here at Linford &Co.
Ben Burkett is an experienced auditor for Linford & Co. Starting his career at KPMG in 2002, Ben has extensive experience in the business of Information Technology (IT). As an auditor, he drove IT risk management and compliance efforts. As the head of an IT Project Management Office and a Technology Business Management (TBM) function, he sought to drive and maximize the value of IT.