When auditors set different standards for themselves

Erin Mandato (erinmandato@gmail.com) is a senior compliance and assurance professional from Mount Holly, New Jersey, with more than 15 years of experience in the pharmaceutical, retail, public accounting and financial services industries.

If auditors were polled on the question, “How many of you have written a compliance audit report where there was at least one finding related to lack of, nonexistent, outdated, or insufficient documentation?” there would be a pretty high chance that most of those polled would answer yes to the question. In fact, a finding related to documentation has become so standard that one doesn’t even have to rewrite it each time; it is just pulled from a prior report with some minor adaptations. Now, let’s poll the same auditors and ask, “How many of you have received review comments on your own work related to nonexistent, outdated, or insufficient documentation?” It wouldn’t be surprising to see most, if not all, of those polled reply yes.

Most of the time, auditors are pressed for time and don’t take a moment to reflect and put themselves in their clients’ shoes. Auditors should, because all too often, their own compliance audits lack supporting documentation. If a third party were to conduct an audit of the audit department, it is likely that a finding related to documentation would be included in the report. The finding could be related to the department’s policies and procedures, or it could be related to the review of an audit file where documentation was missing from testing that supports the auditor’s conclusions. Auditors are all human as well. It happens. We lose things, we misplace items, or we just move too quickly to even question if we have all the information we need. When a client is confronted about missing pieces of information, however, auditors often hear their explanations as excuses with defensive attitudes that seem to communicate, “We don’t know what we’re doing.” Ultimately, in the mind of the auditor, the missing information doesn’t exist at the time of the audit, so an audit finding is identified and reported.

This document is only available to members. Please log in or become a member.