“They waste time asking the same questions every year.”

“They do not know my business and they are wasting my time.”

“They are expensive and offer zero value to us – in fact they are The necessary evil!”

These are some of an infinite list of references to auditors that I am sure you have also witnessed at some point in your career.

And the impression that goes out to the world is that the audit profession is not for the intelligent, smart and ambitious young graduate! In fact I heard professors urging the examination committee to pass someone saying “you never know he may become an auditor”.

It may help to understand how “unreasonable” auditors are by re-living a small experience where I tried to explain to such a young graduate:

  • what audit is, and
  • what he should expect from an audit career.


Here’s the story…

I was discussing with a group of young graduates that were contemplating the audit profession just after an induction course on Audit Skills.

One of them asked why go into such a boring career and not stay with his engineering friends building and flying rockets for customers.

Apparently, this team of friends was seriously considering continuing the project and making it a serious business.

This was a little challenge for me as I wanted on the one hand to keep this brilliant graduate in my team, but on the other hand I wanted to offer him genuine advice for him to make a good choice that was his own.

So I asked him to describe to all of us in the group what this business was about and how it was managed.

We all agreed that the best way to describe it was by listing, even randomly, the risks involved in this business.

It was quite amazing how this created a lot on interest and excitement amongst all the trainees, all of them asking questions and suggesting risks that were very valid:

  • Getting a license to fly such rockets;
  • Ensuring the safety of the users of the rockets;
  • The complexity of the construction of the rocket;
  • The possibility of it failing to work;
  • The warranties to be given to clients;
  • The financing of the business and the repayment of this financing;

… and so on.

Business risks

We ended up with a long list!

Can we categorize these risks?

Then we agreed to separate the list into two groups:

1. Inherent risks

These were inherent into the type of business, for example:

  • The license needed to fly a rocket and maintaining it;
  • Finding and renting land to make the launch;
  • Weather conditions at the launch;
  • Dealing with the Civil Aviation and the delays this causes is specific to this business;
  • Sudden change in the price of specific fuel to be used on the engine that you have just built;
  • The kind of tests needed and the cost to find and use a launching area;

…and so on.

Different businesses will be faced with different inherent risks and these will depend on the nature of that business as well as the environment where it operates.

2. Control risks

These were associated with the actual controls that the team put into place to ensure success of the final objectives of their business.

In other words, when asking What Can Go Wrong questions, control points can be identified.

For example, inspecting the systems just before the launch. This involves:

  • Monitoring the weather forecast so on the date planned for the launch the weather is right;
  • Ensuring that spectators are safely at a distance and do not interfere with the launching team;
  • Checking the fins of the rocket to ensure a vertical smooth lift-off.

… And so on and so forth.

Every business will be faced with such risks and it is up to management to ensure that controls are built into all the processes of the operations to ensure that things do not go wrong.

What about audit risks?

Then we went back to the job of an auditor whose job it is to make sense of this.

And this is simply described in one simple equation that guides the auditor through their work:

Audit risks

This equation is saying that the risk that an auditor will not identify errors and omissions in their report and therefore be liable for negligence is dependent on:

  1. Inherent risk – Business with higher inherent risk will obviously pose a higher risk to the auditor and this means that the auditor will have to exert more effort and time and skill to mitigate his/her risk.

    Auditors will want to identify these risks so that they know how to assess their risk and plan their audit work.

  2. Control risk – Businesses that put into place effective controls and actually work will give the auditor more confidence and therefore less work in conducting the audit. Auditors will therefore identify and test these controls to see how far they can rely on them.
  3. Detection risk – This is the risk that an error or omission will not be identified by the auditor and the size of the risk will be determined by the auditor.

If we look carefully at the first two elements of audit risk, inherent risk and control risk, we are actually looking at what we all recognize as Business Risk!

This risk approach that auditors take to determine and plan their work is very important and very beneficial to the clients.

As auditors need more understanding of the client’s business they set up large databases of information about the economy and the business world which means that they have to understand their clients’ business well.

They can therefore work with the client and serve as an “advisory” point where clients can re-think their strategies and their operations and their competitiveness.

And for the young graduate it means that spending a few years practising the profession of an auditor would enhance his knowledge and skills as a business person and develop him as a business professional to either:

  • Move out of audit and into an exciting business career; OR
  • Move upwards into the audit profession and be involved with ever exciting business projects as advisor to her clients.
Marinos AthanassiouThis article is a guest post written by Mr. Marinos Athanassiou, Director at GnosisLearning, which offers innovative online learning solutions in IFRS, Financial Management and Compliance. Prior to that, he developed the EY Academy of Business in Poland, originally for EY professional staff and later for the external market.