Allowing auditors access to information
Owner managers and some business executives (management) still have problems with giving information to auditors. There is a feeling that there is some information that management may withhold from the auditors during the audit process. How appropriate this view is, depends on several factors and key among them is the law or other governing instruments relevant to the entity being audited. This article seeks to give some clarity on this somewhat sensitive subject.
Management sometimes feel that external auditors get to be too intrusive, asking for information in areas that they should not take interest in. In some cases, management thinks that some information is too sensitive to be disclosed to anyone, least a young auditor. This is usually the case with information such as executive pay and perks. Even still some managers feel that some information requested by the auditors make up trade secrets that must be heavily guarded.
Management refuses to give the requested information in several ways. They may expressly refuse to respond to enquiries by the auditors. One client expressly refused to give cost workings because they felt the workings were a key trade secret. They may refuse the auditors access to third parties under the direction of the entity. Clients are usually not amused with auditors talking to their lawyers. They may not expressly bar the auditor from making enquiries with the lawyer, but they will come up with all sorts of excuses. They may play delaying tactics hoping that the auditors will forget and abandon their request. In one entity, certain files were to be handed over to the engagement partner only and no other person on the audit team. This was just a tactic to exhaust the patience of the auditors. They may place various restrictions that make it difficult for the auditor to work freely. When I was a junior auditor, I used to get irritated by finance managers who would want a justification for every sample that I requested. Instead, they would want to correct the auditor’s procedures and provide the information that they wanted.
Whatever the rationale for withholding information from auditors, managers hurt their interests more. This creates acrimony and suspicion between the auditors and management. It also causes a lot of unnecessary delays in the audit because auditors will always insist on the information that they believe is key in the completion of their work.
Maybe the starting point is the legislation. The Companies Act, in Botswana, gives the auditors unlimited access to information during the contact of the audit. This means auditors of a company are at liberty to ask any information that they think is necessary for their audit. Auditors are not obliged to explain why they need such information. The same Companies Act requirements are duplicated in the enabling legislations of other government owned and controlled entities. In majority of such cases, the auditor is obliged to record, in his/ her report on the financial statements, if he/she got access to all the relevant information. You may also find constitutions giving unlimited access to auditors. A suitable analogy is that once one opts to have their company audited, then they are like someone who has agreed to undress in front of the king! There has to be full disclosure.
One may ask why auditors would need to know a lot of other matters of the entity that appear unrelated to the financial statements. This is precisely what management needs to understand clearly and maybe one of the main objectives of this article. The financial statements, though expressed in figures and notes, is a distilled product of many aspects of the entity. All affairs of the entity result, in one aspect or the other of the financial statements. Therefore, by gaining an understanding of other matters of the entity that may seem unrelated to the financial statements, the auditor understands the financial statements better. Just to demonstrate this point, by reading the minutes of the maintenance committee, the auditor gains better insight in the state of the fixed assets of the company. He will be able to evaluate the depreciation policies and any possible impairment. Another example is the auditor taking time to study the incidents report of the IT system of a company. While this looks far removed from the financial statements, it is in fact closely connected to the financial statements. The auditor would be assessing the strength of the IT controls and the controls over the processing of financial transactions by the entity’s financial IT system. Therefore, it is important for management to fully co-operate and provide all the requested information.
Management should openly and proactively provide information to auditors. This improves trust between the two. This makes the audit process smooth and enjoyable by both management and the auditors. In RSM we identify contact persons on both sides. Their function is to coordinate their side’s so that the audit progresses and concludes smoothly. On the part of management, contact persons should be empowered to manage the collation of information requested by the auditors and respond to all other enquiries.
Management is usually afraid that sensitive information will be leaked and will prejudice the interests of the entity. This may be because of malice or an inadvertent leak. While this is an understandable fear, management should not overly be worried. Auditors are bound by their code of ethics. One of the key principles that they undertake to observe is confidentiality. Auditors are sworn to a very high standard of confidentiality. All client information is treated with confidentiality by every member of the audit team or specialists and experts working with the team. In RSM, the breach of confidentiality is so serious that it may end one’s career. Before starting work on any client work, auditors are reminded of the confidentiality requirements by signing an undertaking. We also take various measures to avoid inadvertent disclosure of information. These include a suite of stringent IT security measures. Nevertheless, it is important to understand that the leaking of client information by auditors is by exception and not by norm.
It can however not be denied that there is also some information that management strongly feels is too sensitive. Instead of denying access there needs to be discussions between management and the partner in charge of the audit. In one company, management felt that executive salaries were too sensitive. These were processed outside the company by an external service provider. Management was not comfortable with the information being handled by junior auditors. They then requested the audit partner to look at the information. In another company, management felt that some accounts had highly sensitive transactions that affected national security. They requested the engagement partner to audit the accounts other than any of the junior auditors or the audit manager. These arrangements may be made if management has some misgivings in releasing some information.
However, care must be taken in using this option. First, partners charge at the highest rates in the firm. Should management have such requests, then they should be ready to pay more in audit fees. Having a partner auditing the whole payroll transactions may far outweigh the benefit of confidentiality. Second, these arrangements should not come as excessively unreasonable restrictions on the work of the auditor. In one defense industry entity, management wanted auditors to be locked up in a room for a whole day and were restricted on their use of phones. The overriding principle in this case is balance – measures should not be too restrictive, but they should make management comfortable and also result in the provision of all the relevant information.
Finally, it is advisable for management to provide the required information openly and proactively for audit. This makes the audit easy for both parties. At RSM Botswana, we can assist in compiling information in preparation for audit. When we take on new audit clients, we train the accounting teams on preparing for audit, at no additional cost. This is to ensure that our clients do not struggle in providing us with the information that is needed for audit.