Answered step by step
Verified Expert Solution
Link Copied!

Question

1 Approved Answer

7 Practices for Better Audit Outcomes The U.S. Department of Homeland Security follows guidelines aimed at improving the auditor-auditee relationship. Jim H. Crumpacker W

image text in transcribedimage text in transcribedimage text in transcribed

7 Practices for Better Audit Outcomes The U.S. Department of Homeland Security follows guidelines aimed at improving the auditor-auditee relationship. Jim H. Crumpacker W hen it comes to ensuring successful audit outcomes, the two parties involved the auditors and the auditees-must be committed to active cooperation. Throughout my career, I have followed certain principles that, when consistently adhered to by both parties, have resulted in successful audits. I have worked in the U.S. Air Force Audit Agency and in the Office of Inspectors General (OIGS) of both the U.S. Postal Service and Department of Transportation. Since 2010, I have served as the director of the U.S. Government Accountability Office (GAO) OIG Liaison Office for the U.S. Department of Homeland Security (DHS). In my cur- rent position, I facilitate nearly 250 GAO and various OIG performance audits at one any time across DHS. These seven principles, along with approaches DHS uses to implement them, can easily be used by other organizations seeking to improve their audit outcomes. Believe Audits Make Things Better his foundational principle requires auditors and auditees believe in the work they are doing and remember that it's not just a job. Auditors and auditees must do the best they can with a view that the results of their efforts will add value to something greater than themselves. For many at DHS, believing this translates into know- ing that audit's efforts are helping make the department's programs, operations, and activities more effective, thereby ensuring the U.S. and its citizens are safe and resilient against terrorism and other hazards. Tone at the top in both the audit and audited organization is crucial to successfully implement this principle. For example, senior lead- ers in the audited organization must have processes in place to demon- strate a personal awareness of, and an active interest in, the audits occurring within their organization. To facili- tate this, DHS assigns a priority of 1, 2, or 3 to each audit using broadly defined criteria supplemented by professional judgment and experi- ence. Criteria include considering the level of taxpayer funding in a par- ticular program or initiative and the significance of potential violations of statutory or regulatory requirements. Priority 1 audits warrant secretary or deputy secretary of DHS attention; Priority 2 audits are those that can be monitored at the component or headquarters directorate level, such as by the administrator of the Federal Emergency Management Agency; and Priority 3 audits are considered less critical and can be monitored Understand and Respect Audit Independence A rguably, one of the least understood audit standards is the U.S. Generally Accepted Government Auditing Standard of Independence, which estab- allows audit opinions, findings, conclusions, judgments, and recommendations to be impartial and viewed as such by reasonable and informed third parties. Inde- pendence requirements relating to the audit organization and individual audi- torincluding what independence of mind or in appearance meansand how professional skepticism is correctly defined, can be difficult to fully understand. When auditees have trouble with these or other aspects of independence, they usually just need to learn more about the concept. It is more problematic when auditors do not fully understand what independence is and is not. During my more than 30-year career, I have seen instances of auditors know- ingly or unknowingly misapplying the independence standard as leverage in an attempt to get whatever they wanted, thereby impeding successful audit outcomes. For example, some auditors have told auditees that if they did not immediately produce exactly what they asked for, or let the auditors come and go throughout the organization whenever they wanted, then the auditee was impinging on audit independence. This is quite an overreach. One way DHS mitigates misunder- standings about independence is through an annual joint DHS-wide town hall meeting hosted by the DHS under secretary for management with the inspector general and attended by audit staff, agency leadership, and program officials. The meeting's question-and-answer format provides an opportunity to openly discuss topics such as independence and, more importantly, to correct misunderstandings. Without audit independence, the value of an audit is considerably diminished; auditors and auditees need to be in sync on independence and why it is needed. at the program office level. The priority assigned to an audit is subject to change, depending on circumstances, as the audit pro- gresses through its life cycle. Be Open and Transparent T here should be no secrets when working with audi- tors. Honesty is the best policy, even if being less than open and transparent may seem more expedient in the short term. Making sure there are no surprises at the end of an audit goes a long way toward ensuring successful audit outcomes. The audit life cycle can be long, some- times taking a year or more from research, announcement and entrance, fieldwork, summarization, report writing, Be Responsive S uccessful audit outcomes require a commitment to work collaboratively with the other dedicated professionals involved with the audit. Responsive- ness means reacting quickly and positively, and generally reflects how much someone cares about something. For example, consider how auditors and auditees respond to information requests from one another. One way to help ensure success is to set clear expectations for these interactions and adhere to them. Senior departmental leaders at DHS have consistently articulated expectations for the entire workforce regard- ing cooperation with GAO and OIG, including their contractors. To maximize effective implementation of this guidance, auditor-to-auditee communication is streamlined and, as a matter of practice, audit issues are addressed at the lowest organizational level possible, trusting and empowering staff and elevating matters to more senior leadership only when necessary. This involves a certain degree of riskfor example, sometimes audi- tors do not receive the most fully informed response to their questions-however, DHS has found the risk to be acceptable given other controls implemented to balance the risk for the benefit of both parties. exit, and management response, to final report publication. Ample opportunities exist throughout the life cycle for audi- tors and auditees to allow the truth to wander. This may involve something the auditor wants to know, such as how a specific aspect of an internal control system might actually be functioning, or something the auditee wants to know, such as what findings and recommendations the auditor might be thinking about including in the final report. DHS designates an executive-level senior component accountable official (SCAO) for audit activities within each component and headquarters directorate. SCAOs have wide Stay Engaged E arly and continuous involvement can be dif- ficult, especially for auditees, because audits can require significant time and are not part of their primary day-to-day responsibilities. However, if auditees believe audits make things better, they will give them an appropriate level of attention among competing mission-related priorities and demands. Likewise, audi- tors should be mindful that continuous and effective communication with auditees ultimately enhances the flow of information and exchange of ideas. Auditors also need to be understanding about responsiveness lag when other auditee duties occasionally take precedence over the audit. One way DHS engages with GAO and OIG during the audit life cycle to help ensure successful outcomes is through a standardized technical comments process for communicating and documenting management feed- back on auditor statements of fact, notices of findings and recommendations, and discussion or draft reports. Auditors receive and consider these comments, seek clarification when needed, and make changes to work products, as they deem appropriate. The comments are not intended to substantively alter audit findings, con- clusions, or recommendations. Instead, they are meant to strengthen work products by improving accuracy and context, preventing the inadvertent disclosure of sensitive information, helping validate actionable recom- mendations, and minimizing the number of disagree- ments. As a result of this process, DHS officials rarely find themselves questioning audit report narratives once published and distributed to the U.S. Congress and the public, including the media. Rather, conversations focus on what is being done to implement recommendations. organizational influence-typically at the chief of staff level and also are responsible for, and have authority over, their respective organization's audit activities. The SCAO enables and assists program officials, audit liaisons, and others with all aspects of the audit process, includ- ing helping to resolve issues that could endanger open and transparent relationships with auditors. For example, SCAOs have mediated disputes concerning what sensitive records may be shared with GAO and OIG auditors. Prepare Detailed Management Responses to Audit Reports anagement responses can contribute to successful outcomes if they clearly document management's position on the findings and recommenda- tions, identify the corrective actions that will be taken (with estimated completion dates), and assign responsibility for those actions. Audi- tors generally include management responses verbatim in an appendix to final reports, which are then widely distributed inside and out- side the organization. Well-written management responses represent an opportunity to demonstrate how seriously the auditee takes audits. Also, when considered with the auditor's evaluation and analysis of the response-which provides addi- tional audit perspectives on manage- ment's comments and is included in the final report-management responses provide a good roadmap for recommendation closure and the resolution of disagreements. DHS requires a written man- agement response for all audit reports with recommendations. Responses must: Clearly state agreement or disagreement (concur or non-concur) with individual recommendations. Partial con- currences are not allowed and it is acceptable to non-concur as long as the rationale for doing so is included. Specifically identify the orga- nization and office responsible for taking the corrective action, such as the U.S. Customs and Border Protection Office of Field Operations. Actively Follow up on Recommendation Implementation D HS and its auditors view audit follow-up as a shared responsibility and an integral part of good management. This view has significantly improved and facilitated positive interactions among auditors and auditees. DHS devotes substantial attention to taking corrective actions on audit findings and recommendations, a practice that is essential to improving operational effectiveness. This requires sustained leadership commitment at the highest levels. For example, the DHS deputy secretary and/or the under secre- tary for management meet with the SCAOs every two months to review and discuss the status of ongoing audits, open recommendations, and related per- formance measures. Senior leadership also receives various periodic audit status reports in between these meetings, including a biweekly Priority 1 report. If DHS management commits to an action in an audit response, it does its best to follow through on that commitment timely. DHS also strictly adheres to a practice of not closing any GAO and OIG audit recommenda- tions without first reaching agreement with the auditors. This provides Con- gress and the public added confidence that appropriate actions have been taken to implement these recommendations or otherwise resolve any disagree- ments. As a result, DHS averages less than one recommendation annually that requires formal resolution. Outline what will be done to implement the recommenda- tions including proposing alternative corrective actions if program officials believe these would be more effective. This is typically stated in terms of actions completed, ongoing, or planned, being sure to address all aspects of each recommendation. Include an estimated completion date for each action, which can be up to 12 months beyond the estimated date of the final report, or longer if interim milestones are included at approximately six-month intervals. A POSITIVE APPROACH Successful audit outcomes do not just happen. The participants must believe audits make things better and be mindful of the six other principles for ensuring successful outcomes. Moreover, auditors and auditees have a fundamental responsibility to ensure that the resources expended on audits provide a positive return on investment for stakeholders. la JIM H. CRUMPACKER, CIA, CFE, is director of the U.S. Department of Home- land Security's GAO-OIG Liaison Office in Washington, D.C. This article represents the personal views of the author and not necessarily those of any U.S. government department or agency.

Step by Step Solution

There are 3 Steps involved in it

Step: 1

blur-text-image

Get Instant Access to Expert-Tailored Solutions

See step-by-step solutions with expert insights and AI powered tools for academic success

Step: 2

blur-text-image

Step: 3

blur-text-image

Ace Your Homework with AI

Get the answers you need in no time with our AI-driven, step-by-step assistance

Get Started

Recommended Textbook for

Effective small business management An Entrepreneurial Approach

Authors: Norman M. Scarborough

10th Edition

132157462, 978-0132157469

More Books

Students also viewed these General Management questions