​Risk and Control Issues Commonly Overlooked by Internal Audit 7: The External Auditor​

Comments Views

​As CAE, I have frequently helped the audit committee with their assessment of the external auditor’s performance. While some boards treat this as a perfunctory task, reappointing the auditors without much analysis or discussion, I don’t concur with that approach. Why not? I have seen external audit teams that were poor performers.

What are the risks if the external auditor’s performance is poor?

  1. Inaccurate or misleading financial statements, containing material error. It’s not only that the auditor may fail to detect an error by management, but they may recommend a treatment or presentation that is incorrect. Some years ago, my company’s accounting staff detected an error in a prior year’s financial statements. It was material and had been the specific recommendation of the external audit partner (the current partner agreed that it was an error). There are multiple stories in the news about external auditor failure — can you afford that to happen to your company?
  2. Higher cost than necessary, as the auditor performs work that is inefficient or even unnecessary
  3. Disruption to the business, as the auditor consumes critical management time. I have also seen the external auditor obtain more access to our systems than necessary, which was misused in a way that caused massive disruption: the auditor closed the accounting period during the quarter closing process, preventing journal entries, etc. to be completed.

Now, some may say that it is not the internal auditor’s role to check on the external auditor. But, I believe the CAE should at least consider the risks to the business if the external auditor’s performance is lacking. When the risk appears high, the CAE has to consider what actions to take. In my view, that can best be achieved by facilitating an assessment by the audit committee. It’s very simple, requiring modification to address the specific risks at your organization.

I welcome your thoughts on this topic. I expect it to be controversial — certainly, the external auditors at my companies didn’t like being assessed.

Previous items:

#1: Information Required to Run the Business

#2: The Adequacy of Risk Management

#3: The Root Cause of Almost Every Internal Control Issue Is People

#4: Linking Strategy to Execution

#5: Management

#6: The Audit Committee



Comment on this article

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3