I have always wanted, as an auditor, to get uniformity. I like intellectually tidy processes and controls. I like perfect. Part of this is a natural audit and accounting thing that we auditors all seem to get trained into. Part is that I believe I am a systematic thinker and like to have a clear and tidy idea and view of the world and how it works.
In an audit context it means that I like to go for 100% control, no exceptions. For me, and I have seen this at countless clients, the times when things go wrong are not the 95% of routine transactions, but the 5% non-routine. These are the transactions that need additional controls, more process, not less.
I also see that clients and people, when they are under pressure, rush the big decisions. There seems to be an organisational need to rush everything. This is particularly prevalent in the private sector. Everything is indecently rushed and the aim of the project or transaction or activity is to implement. Yes the end is the more important element than the means, but it goes too far, that the means is completely irrelevant, and the end becomes completion, not completion to an appropriate level of quality. How many times have I seen private sector clients, particularly during transactions, take leave of their senses and rush due diligence, all to achieve a purchase or merger, when in fact doing these things right is more important. Often due diligence is done well after the decision to purchase is made.
Coming back to control processes, perhaps the lesson I have learnt over the years is that I still value and believe in 100%, but see 100% as the application of the underlying principles and spirit of control. I have become, in my slightly older age, a little more flexible about how this is applied. There is a need for flexibility and contingency of approach. This should not, in my view, override the underlying principle of why the control framework is there in the first place.
I have written a number of times that I am not a fan of ‘guidance’. Guidance for me promotes a lack of context, a lack of thinking and a lack of common sense related to goals. It is foolish of any one person to believe they can write guidance or rules that applies in all circumstances to all situations and all time. Thus why not establish a framework of flexible principles?
So perhaps the uniformity is of the application of underlying principles rather than the application of rigid rules. Guidance is often classed as being flexible. It is not. It comes with the debate over ‘should’, or ‘must’. If inviolable rules are needed then put them in. If not, then establish principles. Don’t sit on the fence with ‘guidance’!
Equally we as auditors should draw the line at the ‘flexibility’ argument being used to allow a lack of appropriate control. When a client starts quoting guidance and rules at me, it is normally the point at which they are aware the underlying principle has not been achieved.
Perhaps we as auditors should be trained much less in mechanistic auditing of controls and much more in the process of principles-based argument. Auditing in this, and my, view is a thinking exercise for bright people than a mechanistic exercise for trained people. As the world’s speed of change increases I think we as auditors will increasingly be required to make judgements and form opinions on principles rather than rules. A long overdue development for our profession I think.