As a CAE with both counter fraud and assurance under my aegis, I have a chance to move between the two. I’ve written a few times about my current (pre)occupation with enhancing and building a world-class counter fraud function, see Fraud assurance . This means that I have been (relatively) good at letting go of my iron grip of assurance.
So as I approach our first audit committee of the new term this coming week, it’s nice to come back to my assurance team’s reports, some of which I have been relatively distant from, to see them with fresh eyes. What a refreshing and new perspective it’s given me. Yes I still think the reports are good (of course I would, I designed and built the methodology and trained and hired the team), but I can also see them as new.
The other reason for the fresh view is that I have spent a lot of time in the counter fraud role, although it is a governance function (and therefore independent of management), it is more closely and immediately intertwined with the management agenda. So we all know fraud is not just: find a problem, investigate, conclude, prosecute, job done. It’s all about currencies of negotiation, dealing with people and culture, working out what the business wants and how it will get there etc. In other words, the management agenda is front and centre of the counter fraud work (including the timing deliverables) in a manner that in assurance and audit it is not.
So what has this new objectivity and distance provided me as insight into my reports. Well a few formatting and style issues that need a light touch on the tiller to readdress, a welcome recognition that the underlying quality of my people and the work they produce is really very good, assurance that audit would not atrophy as quickly as I imagine should I ever become indisposed; but the more insightful thing, that we need to work even more on being straightforward. We should say things as we think they are. We should focus on being clearer in our communications.
As my current and ex colleagues know, I think the usual nonsense of report writing training that says you should write for a five year old, is not helpful. If something is apposite, it’s apposite, not ‘the right time’ or ‘timely’ they have similar, but slightly different, meanings. Yet I recognise that perhaps the biggest change we need to make to our reports is just to have a little more white space, a little less text. Also our report writing style is very formal. Very technical. That’s good, and one of my biggest criticisms of most auditors is that their work is not very meaningful as it is not intellectually sound. Either reports are pseudo science, but actual nonsense; or they are bland and lacking in any technical view or judgement, such that meaning is difficult to discern. I think our less successful reports err on the side of overly jargonistic and technical to hide a lack of real analysis or assessment of the underlying risk position.
I should caveat these observations that I am coming back at my own and my team’s work with a laser-like critical eye, so these are all at the very extreme margins and belie the top quality running throughout the whole body of work. Also what we look at is complex and difficult in my team, so the right answer often does not exist and they do a great job of doing that.
It’s also interesting to observe the cultural and quality standards that are expressed in an audit department’s audit reports. For a good audit department should express its reports consistently, you should not see individual auditor’s work or their agendas or style coming across. I think the CAE’s hand is really important to ensure this style is how they want it to be. So having had a period a little away from my assurance team, I am glad that the my culture is still reflected in the reports.
So I think having had a break from audit is good it gives a CAE a little time to reflect, reset the tiller and the overall direction, and to be assured and pleased about the progress made to date. When’s your next break from audit?