Uncovering the Truth about Business Audits
Results Of, By and For Management
To say that internal audits cover a host of sins would overload language already freighted with business and religious ambiguity. Say it anyway. Aside from “internal,” there are only three operative words (best addressed in reverse order): sins, host, cover. Top management controls all of them.
Control trumps everything. To some extent internal audits are a process. From another perspective, they are invasive and investigatory. They can also be icing, laudatory permission for more of the same. They can be routine, damning or justifying. It all depends on what top management wants.
Typically, top management wants to check off routine, to acknowledge having been there and done that for the sake of customary expectations. But the very fact that internal audits exist is an admission of sin somewhere. It’s just not supposed to be there, in their house. But if sin is to be found, they want to find it before someone else does, someone like a government agency.
MiniScribe, a company manufacturing disk drives, was founded in 1980 and immediately soared to success. But they flamed out in 1989 when an investigation found fraudulent financial records, even to the point of “shipping bricks and scrap parts disguised as disk drives.” Why didn’t MiniScribe conduct an internal audit before then? Sin can be tempting.
And there are many ways to sin. The host factor is itself layered with meaning, both many and container, especially with the connotation of amiability. Knowing this, top management, seeks to address the multifarious methods of sin while simultaneously diverting serious examination that might jeopardize its larger goals. The very fact that there are so many segments of a complex company creates further opportunity for top management.
Here, we have the cover factor. Again, there are ambiguous aspects. “Cover” means to check as well as to obscure. The mother of all examples is Enron, the energy giant toppled in 2001 after financial manipulation that sent key executives to prison. Enron was well covered by internal audits that checked off issues neatly, while, at the same time, obscuring criminal conduct. Management controlled the audit process and obtained the audits it wanted.
Among the Enron ironies is the fact that the audit industry, itself, was roiled, demonstrating exactly what was wrong. Denial followed predictably, along with public chest beating and loud lamentations. Also predictably, were reforms, including the famous Sarbanes-Oxley Act, imposing regulations designed to prevent another instance of similar abuse. Then, adding to the train of predictabilities, came protests from the business community that Sarbanes-Oxley requirements were way too onerous for civilized businesses to bear. There was public contrition along with solemn assurance that business had learned its lesson.
Regulations were eased and business got what it wanted again. Perhaps businesses really did learn a lesson. Or did they merely learn how to reduce the possibility of getting caught? The question looms even larger, especially as the economy emerges from the Great Recession amid calls for repeal of even more regulatory legislation.
Where the stakes are especially high, the answer is muddy, exactly as management prefers. Clearly, some highest level players, notably in the automotive and banking industries, have been busted but not jailed. Reduced investigative budgets of federal agencies and cronyism played a prominent part, leaving the role of internal audits suspect.
Taking advantage of relative obscurity, the management of lower tier businesses have been able to make internal audits into a force multiplier. Cover is the key. By auditing deeply and widely among the issues of internal procedures, minutiae and inconsequential regulations, everyone’s attention is deflected from real problems, located wherever top management wants to avoid scrutiny. By keeping payroll so tight that all workers, including especially managers, are racing to keep up with the minimum necessities of operating the business, no one has time to closely examine the elements of operations that are vulnerable to compromise. That is, of course, unless they are playing those elements themselves.
Cover circles back with special irony to the performance of audits. Business operations are often so complex, and regulations so detailed, requiring reports that reflect the density of issues, sidetracking auditors into a thicket of written requirements, that they overlook the most fundamental element: Follow the money. Where did money or other assets enter the system and where did they end up? What happened to the assets between those two points can be terribly important, but its significance can be obscured by extraneous factors. Beware of audits where the color of a highlighter used on a report is more important than the money trail.
Auditors are also subject to the same pressures as subordinate management. They’re on a tight schedule that requires the production of reports within a short period of time. And they are subject to cronyism and other diversions devised by management. Their reports must be filed on a timely basis without fail. But where’s the money?
Mostly, the money and other assets are where management last saw them, and mostly, that means they’re where they should be. But how is this known for certain except by management when management itself controls the audits? Who knows what to look for but the controllers themselves? With no real investigation, no crime is discovered.
A closed book cannot be read unless it is opened. But who can lift the cover?
in the public domain by Michael Driver
Follow on Twitter: @mdMichaelDriver
Michael Driver is author of Own Your Employment: The Challenge for Twenty-First Century Workers available almost for free on AMAZON.