Pre-Auditing: Thesis & Antitheses

Why not pre-audit? When one can do it before it fails. When one can prevent it from becoming a problem. If internal audit is value adding, shouldn’t the value be added where and when it matters the most? Right where and when the transaction is happening? An audit checkpoint right at the heart of the operations ‘certifying’ each and every transaction?

Well, it’s all good! Just that it could be anything but internal auditing. Pre-auditing has got nothing to do with internal auditing, and it would be appropriate to understand it literally: a practice (malpractice, if you may!) that predates any auditing! Internal Auditing wasn’t an evolution of this practice; it could never have been!

Let’s get to the ‘malpractice’ part in a bit. One would ask: if it’s auditing, what’s wrong with it? So, let’s get to that right away. Using auditing as a suffix to ‘pre’ makes the auditing a misnomer and, for internal auditing, is in fact a misdemeanor! There’s no such thing as pre or post in auditing. Post auditing is only used because pre-auditing exists!

Audit isn’t part of transaction processing. And something that’s built into the transaction processing can’t be auditing. It’s simply transaction processing. Whatever verification is conducted at the transaction processing stage, be it budgetary compliance, segregation of duties based signoffs, cross matching, re-computations, accurate recording, etc., these are all components of controls.

And that’s what pre-auditing does: it accords its ‘approval’ on transaction processing, taking on responsibility for some of these controls or even assuming a redundant layer within the process. But auditing is not control. It is the review of controls. Review for compliance (through assurance) and for improvement (through advisory).

Now when you have to improve the controls or the processes, or the operations, certainly audit can’t do it. It can’t improve a process it’s already a part of! That’s neither objective, nor independent. So, who reviews and who improves it? Management?

Isn’t it then the same thing? Managements and Auditors whose job is to pre-audit? Any differences out there? Both are responsible for implementing controls, only that auditors in such a situation can also con their customers / managements. Simply because they represent a different process owner group stamping each and every transaction but playing on the perception of not having a part in it.

Exactly. The perception then is an illusion or, more aptly, a hoodwink, because being a process owner also means that they own responsibility for their actions, and that’s exactly what happens when they do clear a transaction that had errors. Would you expect to be let off the hook when you’ve signed something that was to be rejected or corrected and wasn’t?

And that’s when such auditors try their best to question each and every transaction coming their way and that also gives them a position from where they can fleece their clients (managements) for some easy cash, gifts, favors or any consideration in kind!

That’s right, pre-auditing earns the auditors a reputation as conmen. To me it’s like bent coppers! With the auditors earning some easy money from their clients for ‘approving’ their transactions. Now that’s the system pre-auditing develops and if that’s the system managements expect to have, they shouldn’t be bothered about any other systems working in the organization.

Since systems help an organization sustain its operations, grow through evolution and improve its financial viability, pre-auditing is an anti-system. Simply because it doesn’t let other systems improve, evolve or even sustain, in a two-pronged regressive approach. Firstly, it feeds itself, dwarfing all other systems, especially the accounting system, since transaction processing and verification is primarily an accounting system responsibility.

And since the accounting system is the frontrunner for internal controls in any organization, all other systems follow suit because their transactions are also reviewed while they’re yet to happen through pre-auditing. The other regressive approach is the handicap the auditors become owing to the loss of their objectivity and independence, becoming controls themselves.

Summarily, the detrimental effects of this ‘malpractice’ are:

  • Increased processing time requirement, administrative overhead and costs in adding another almost redundant layer of transaction processing.
  • Deterioration of the system of internal controls; the real process owners allowing themselves to be lax and relying on auditors to identify and correct their slippages.
  • Negative Return On Investment, not just in terms of investment in auditors doing pre-audit but also in terms of the real process owners, who won’t evolve and improve.
  • Promotion of the illusion of the verification through auditor’s stamp; suggesting every transaction passing through audit is good to go.
  • Regression of the organizational culture to a bent coppers culture, where auditors assume a policeman’s role and practice a sense of self-elation, in turn promoting the ‘audit clearance fee’ culture.
  • Not benefitting from professional internal auditing to improve the processes and the systems.

Enough food for thought on why the ‘malpractice’ part?

Or still believe, if it can prevent a transaction turning into a loss, why not have pre-auditing? NO. Because:

  • Managements, not auditors, run operations.
  • Managements are process and system owners; auditors are meant to be independent and objective evaluators of design and compliance.
  • Controls are preventive, detective, corrective. Audits aren’t controls.
  • Pre-auditing is a misnomer for a regular management owned transaction processing exercise.
  • Pre-auditing still is no guarantee of a transaction processed as intended.
  • Pre-auditing focuses on the transaction in hand and the fractional control that it is performing. It doesn’t and thus cannot review and improve the whole system of internal control, good for all or most transactions.
  • Pre-auditing cannot review the system beyond the transaction owing to the time allocated to transaction processing.

Auditing can’t be part of the transaction processing or part of the operations. It has to be outside (read independent), else it isn’t auditing!

And why exactly should your internal auditors be tasked with this disservice to the auditing? Simply because internal auditing is not a statutory compulsion in most territories and is simply good to have? Or because it regulates itself through its own Global Internal Audit Standards? Or because it is believed that being ‘internal’ it can be asked to provide any service to management even if it amounts to encroaching upon the management functions?

Internal Auditing has got nothing to do with pre-auditing and there’s no such thing as pre-auditing. Internal Auditing is about sustainability, evolution, improvement and growth of its service seekers through objective and independent interventions!

 

But if internal auditing can continue to report to finance in this day and age in certain territories, pre-auditing is not even half the evil.

In fact, those who believe in it see value in it, and for them it’s a necessary evil.

To me, that might be the only rationale for having pre-auditing: having an absurdity as large as reporting to an audit client makes it look good!