communication is during a remote audit. To clarify these topics, consider business unit background. This information should detail the business unit's location, staff size, turnover statistics, management tenure, volumes for both transaction and dollar (if applicable), and current systems used. When it comes to business objective(s), the auditor has to understand what the purpose of this process under review is. More simply put, the audit team must understand the role this particular business process plays in the organization. Consider what product or information does this group create and is it for internal consumption or is it for the public. If it is for internal usage, another business unit or team is relying on this team's product and decisions will be based on the information provided. And if it is for public consumption, the risks become even higher if the process is not completed timely and accurately. Communication, as you will hear throughout this book, is going to be the cornerstone and foundation for the success of your audit function, especially while executing remote audits. One of the most underrated concepts of communication with audit clients is the fact that solid communication fundamentals start within your own audit team. When the communication requirements are stressed and enforced within your audit team, it becomes immediately transparent with your clients. Another benefit to strong internal communications is it becomes a habit to speak to your co-workers as it pertains to work challenges, client difficulties, or even clarifying questions about the process under review. The audit team should be filled with people who want to share all of their business and company knowledge, audit and business experience, and suggestions on how to handle a difficult task or client. Those individuals who openly share with their teammates create a strong communication base and functional team. Highly communicative teams not only create a strong, unified approach but also develop leadership skills as they continually practice explaining (in detail) how the audit process works, how the business process is focused on completing their assigned tasks, and how this particular business process links to the overall objectives of the company. Communication provides an avenue for ongoing development of business process knowledge that pays dividends no matter what position you have at the company.
RECOGNIZING THE CHALLENGES
Every audit you participate on will have challenges, but the remote audit will exacerbate simple ones into much more difficulties throughout the audit. Regardless of the audit type, the biggest challenge is availability of the client. Whether the clients like it or not, they should be a key participant in every audit due to their knowledge of the process, access and understanding of the data, system knowledge, and overall process experience.
I think many times auditors take for granted the availability of client access when executing a traditional audit. That luxury is missing during a remote audit. I know this may seem like a simple concept, but it plays a huge role when the auditor is trying to complete the planning process and is missing critical data or information to close the loop on one particular process piece. Gone is the time of getting up from your desk and finding someone in the process area to question regarding the missing information. An auditor's ability to follow up, ask qualifying questions, or retrieve missing documentation becomes much more complicated when they do not have immediate access to the business team. And there is no telling when and if your business partner is going to answer the phone to address the next question from their audit counterpart.
Another significant challenge during a remote audit will be obtaining the detailed process steps from start to finish, especially if you are auditing an area never reviewed before. Since there will be no documentation available from the previous audit (completed process map), the auditor will be responsible to obtain this process level information from their business client. Every auditor knows how difficult it is to create a process map from scratch; it takes time to review the most updated policies and procedures, examine supporting process data, understand the systems used, draft an initial narrative, and then meet with the client to clarify the understanding of the process as well as ask any outstanding questions. All these steps are necessary to develop a complete process map. In the nonremote world, you can expedite this process by sitting down and getting a walkthrough of the process with your business partner and asking clarifying question as you go along. However, in the remote audit world, it is not possible to perform a walkthrough over the phone or even in a videoconference. Trust me, it just does not work. That does not leave the auditor with many options other than to dedicated the time and effort it will take to become intimate with the policies and procedures (that you hope exist or are up to date) along with all the other data and information requirements to build a solid narrative of the process to be used to facilitate the phone discussion with the client. The more detailed the understanding of the business process, the more effective the process validation call will go with your client. This type of exercise requires excellent communication skills to ensure the auditor validates the process details and the business partner clearly understands the questions being asked. As you read on, you will see how communication skills are always at the foundation of success for any auditor in every industry.
Understanding the Business Process
Remember during any type of audit, the auditor will be required to perform independent research regarding the business process under review. The key during this research period is to ensure that you are focused on the activities in the area assigned. Do not waste time trying to build an understanding of the processes like the personnel in the business unit. No matter how hard you try and how much time you dedicate to learning any business process, you will never know the detailed workings of the operation like someone who is actually doing the job in the current environment. Your objective during this research period is to ensure that you are reviewing the most up-to-date information available regarding the business operations and are creating a foundation of general knowledge of the process. You will then use your communication skills to fill in the detailed nuances to the process.
The next step in this research part of planning is going to focus on any previous audit activity, external exams or reviews, as well as open and closed action items. The easiest one of these is going to be the previous audit activity. This information is readily available to you along with the supporting evidence and access to the individuals who performed the actual audit. I would suggest reaching out to whoever completed the last review to get their perspective on the area, business personnel, challenges encountered during the audit, and the final report. Discussing these topics with the person directly involved with the project will yield much more valuable information than just reading through the documentation. Plus, it will save you time, and we all know that in every audit, that is a precious commodity.
Another component during this phase that must be included is understanding the rules that the business operation is required to follow. These rules include the established policies and procedures and all federal, state, and local laws. It is important to note, especially during a remote audit, when looking at the policies and procedures that you must be especially aware of the details surrounding workaround scenarios. These types of scenarios include exception processes, manual overrides, management discretion decisions, and supervisory overrides. While all of these exist in most business processes, it is important to ensure that you understand the situations that allowed these types of transactions to occur.
The other critical detail that must be explained is what level of standard, formal documentation is required when one of these workaround processes is selected. Consider, the business team is performing their job by going outside the normal order of processing. The documentation included must clearly explain why this occurred and exhibit some level of approval. Hopefully, all workaround scenarios are fully explained in the policies and procedures and included the required documentation and approval required for each type. The final workaround point to discuss is the validity of this type of transaction. The key distinction in determining the appropriateness of a workaround is pretty straightforward. While workarounds exist and are necessary in business processes because no business process will be the same every day of the year, the validation of workarounds is determined by the control environment. What that means is that a workaround is appropriate if, and only if, it does not bypass a critical control. If a workaround procedure is used to avoid a critical or key control (approval, review,
