A cow in Willesden

Public psychotherapy for a veteran auditor

Job roles which are exempt from audit scrutiny

The following positions are hereby designated as exempt from audit. If your position does not appear on this list, you are subject to audit attention. Please stop protesting and cooperate.

Exempt job roles correct as at 1st July 2011

  1. A&R men for record labels
  2. Airline pilots
  3. Professional athletes
  4. People whose sole occupation is organised crime
  5. Current reigning monarchs or other unelected (hereditary) heads of state
  6. Felons currently serving full-time incarceration sentences
  7. Shane Macgowan and Spider Stacy
  8. Members of cloistered religious communities, unless those communities provides goods or services to any other organisation or to the public
  9. People employed in a key risk role for a listed corporation*
  10. Unemployed people
    *Please note the deletion at line 9. This group is no longer exempt, as has previously been asserted or assumed.

9 responses to “Job roles which are exempt from audit scrutiny

  1. Audit Monkey July 8, 2011 at 5:15 am

    ACIW – reply with improved grammar!

    This post made me smile. Somewhat ironically, I’m not quite sure what Risk people do all day and the input they actually have into the business. Needless to say I recently ignored a job spec for a Risk Manager where the incumbent was required to ‘sell’ the Risk function across the organisation.

    This aside, I think you have made some assumptions (how could you?) regarding who is ‘audit exempt’ when they aren’t. For example, all flight crew at BA are subject to auditing as all pilot handling during flight is electronically recorded and independently reviewed by a Flight Safety Unit. So, if Captain Biggles has flown outside of the ‘envelope’ and given the punters a bumpy ride, he is likely to held to account and reprimanded. Obviously, at other operators, say Bongo Air in Ruritania, they are likely to be less stringent in this regard. There is an good debate to be had as to whether having a Flight Safety Unit in an airlines actually ‘adds value’ given that most pilots would rather not fly into a mountain or whether it just another bureaucratic non-job, abit like being a Risk Manager.

    As for reigning Monarchs, surely the scrutiny HM Queen receives via the Public Accounts Committee is a form of audit review?

    And lastly, as for professional athletes, don’t they have to provide random drug samples? Wouldn’t this be a form of auditing? Or were your original thoughts referring to wayward Football players?

    • A Cow in Willesden July 8, 2011 at 8:00 am

      Thanks Audit Monkey, I’ve hidden your previous effort, which seemed grammatically fine to me but I defer to your judgement. I’ll have to remember to visit your blog and do heaps of bad grammer on it. I need to find things to amuse myself.
      Hard to imagine much of an overlap between the skills required to audit well and the skills required to market an internal risk function which seems to be responsible, mainly, for marketing itself to improve people’s confidence int he risk management function. Because one of those is a real job, and the other, … well I guess as they say in Cadyshack, the world needs people to sweep the streets too.
      I am quite surprised by how wrong I got those list entries. You have suggested some excellent ways to expand our profession into what I had considered exempt areas. Not sure about the Queen though. I think there must be limited client contact in that audit, hard to imagine a new grad turning up at the steps of the palace to confirm the expenses through corroborative enquiry with the boss. The rest, though, yes I can see how they would be legitimately interviewed. I was thinking of track and field athletes originally, which eveolved into rugby league. I was thinking about how difficult it would be to provide an objective view on the risks and controls affecting a full-back, and the relevance to the financial statements of the rugby league club. Expanding your point, they actually get a bit of a grilling in Australia over soem salary conditions which are imposed on clubs through the ruling body, so I expect they actually deal with auditors every year.
      The reason for the quite subtle joke behind this blog is a real case in history, I have real-life experience of people in category 9 who time and time again have declined to answer questions, to attend interviews, or to provide documents, based on a belief that audit should not be looking at what they do. And don’t get me started on the outcome from the escalation process …

  2. Audit Monkey July 8, 2011 at 7:34 pm

    Looking at the Royal Household website, it appears that income and expenditure is heavily audited but I concur, I doubt there is a need to interview the Head of the Household.

  3. ITauditSecurity July 12, 2011 at 1:07 pm

    I have to ask about the audit charter. You didn’t mention it. What happened to access to all data, employees, and items? If they refuse, isn’t that a scope limitation? Pray tell more about the situation. Or did the head of audit agree with them? That never helps.

    • A Cow in Willesden July 12, 2011 at 5:11 pm

      Thanks for the comment IAS.
      Although I wrote ‘don’t get me started’ I truly did hope someone would press me to expand (rant). On the other hand, I honestly don’t want to dish dirt on any company I’ve audited or those that my colleagues have, so if you don’t object I’d rather explore the principles in a specific way rather than trying to infer general points form specific details …
      I once had the privilege to work with an internal audit team whose building acess passes were also warrant cards. On the reverse of the picture and job title was a mandate signed by the head of the organisation to access any information, to demand any explanation, to sieze any documents, et cetera. They would show it to clients at the start of each interview, and occassionaly would just arrive at someone’s desk, show them the card, and ask them to stop what they were doing and answer some questions for the auditors.
      Not necessarily saying that they were the best audit function in the world, but I AM saying that they had that possibility open to them.
      For audit teams without such a clear mandate, that door is closed. I firmly believe that if you can’t access information at the time you request it, that sooner or later someone will pull a fast one, and you will miss an opportunity to detect wilful mismanagement or fraud, among other things. And I believe that I’m paid to assume that it will be sooner rather than later.
      If you can’t escalate to resolution any cases of non-cooperation, you do not have the chance to legitimately become a trusted adviser to management.
      If a client with information sitting on his computer can withhold it from an auditor, even following a direct request that he provides it, then that audit function is never going to deliver the potential value to the organisation that it could.
      And from my experience, many auditors work under such limitations.
      Are things different in the Americas? Have you had success overcoming obstacles like this?

      • ITauditSecurity July 16, 2011 at 7:57 am

        I can only speak of my experiences in America, but not for all of America (auditors love to qualify things, don’t they?).

        I’ve only had to mention the audit charter and what it gives auditors access to 3 times in my career. That did the trick. I never had to produce a copy and wave it in anyone’s face or go back to my management for a bully pulpit.

        Recently, someone hesitated in giving me info, and wanted to ask his supervisor. I said no problem, lets go see her, so off we went. The supervisor said absolutely, give it the info to him, and that didnt’ bother me a bit. People are afraid auditors are going to find something and come back and nail them, and they want it to be the supervisor’s responsibility cuz YOU said to give it to him! (The info was harmless and nothing came out of it.)

        Most of the instances where I had to mention the charter were a case of the auditees thinking that I was testing them as to whether they would hand over confidential info to anyone who asked. However, they forget that auditors are not nobodies (for once!), but those with kingdom keys. If I want to catch someone doing that, I’ll check the waste basket or send a non-auditor to ask for the info with a great made-up story.

        When I was in security, I never had to showl my GOOJ card (see my website for more info on that) either. I’ve noted that people see security pros as less threatening than auditors, but I think auditors have the upper hand in terms of access.

        • A Cow in Willesden July 16, 2011 at 1:55 pm

          Truly the land of the free. I envy your position. On the other hand, you guys don’t have universal healthcare, and you seem to have some issues regarding the church-state separation (such as education syllabuses which exclude theories which are not explicitly consistent with a modern and minority christian viewpoint on the interpretation of Genesis). So I won’t be applying for that green card just yet …

          • ITauditSecurity July 25, 2011 at 7:45 am

            People disagree with univ healthcare and a literal, 6-day creation week in all lands that border the pond. Why should that keep you?

            And more to the point, how does location affect an audit charter? and scope limitations? Pulling a trigger should produce a bullet on any continent. Are you saying that your culture overrides general audit principles? You lost me a long time ago, friend. Throwest thou me a rope.

          • A Cow in Willesden July 26, 2011 at 8:03 am

            yes, a bit obtuse of me there.
            What i meant to express was that I have a great admiration for the Yankee spirit, the work ethic of your professionals, and the level playing field enshrined in your consititution. I agree that these things should work overseas, but I think that cultural differences in how people regard management structures, how secure people are in their jobs, and other factors mean that it is not so true in many cases.
            Example : Some people have an army-mentality over seniority. If their manager is more senior than my manger, they regard anything I say as advisory, and if (as rarely but not-never happens) their manager is likewise backward in understanding corporate governance, then its a brick wall right up to the chief. No-one else in between will have the front to dispute a decision by 2-layers of their own team, in front of someone else.
            Another example : where someone refuses to be reasonable in reviewing a report (wanting to cloud the issue and responsibility, asserting that unknown downstream controls are effectively managing the risk, etc.), if they are secure enough in their job, they really have nothing to fear from this being escalated as a complaint against them every single time it happens. In my mind, this would be a problem for someone working in the US, but I have seen and worked in cultures where it simply isn’t a problem.
            So my sideways dig was just referring to some of the less desirable side effects of your proud nation’s commitment to freedom in all its forms, to counterbalance the high productivity of your workforce.
            That darwin thing must be an embarrassment though? Refusing to teach it in schools?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: