Category: Accounting and Audit Issues

What should the relationship of internal and external audit look like?

Not every organisation has both an external audit and internal audit. In some jurisdictions you can get companies that have internal audit but no external audit, while in most countries you get quite a prevalent external audit with far less incidence of internal audits. Russia is a prime example of the latter case.

External audits done under ISAs are supposed to plan and carry out work in order to have a reasonable expectation of detecting fraud and other irregularities, and certainly the expectation of users has traditionally been that external auditors are responsible for finding fraud.

I work both as external auditor and I also carry out internal audits for clients who don’t have their own departments or who do but still need to be beefed up locally by brought-in experts. Therefore I have no particular axe to grind, but I will say this – a lot seems to be expected of external auditors with relation to fraud without giving them the tools necessary to find instances of fraud.

Internal audit departments can, within reason (they cannot supercede data protection law or labour law, etc, or contravene people’s basic human rights when monitoring them) have whatever tools they like if they are within budget. I can just imagine what my clients would think if I as an external would start installing cameras, GPS trackers on company vehicles, doing spot checks for alcohol, lifestyle checks on managers, and all the other things that internals can do. And yet if you take the standards literally I have to do a job not far off that of a policeman as an external auditor.

All we are usually given as external auditors is a couple of generic questionnaires which we try to go through with the client’s management adapting it to the specifics of their business, then we have the duty and hopefully also the ability to map out and analyse the systems of the client, including the controls and to perform walk-through tests and seek to identify key controls. The way an external auditor assesses a key control and the way an internal auditor assesses a key control are also different in a number of ways, and how we define a key control for our respective purposes differs, and then the timing and frequency of checks on that control will differ. Many people who have worked only in external audit won’t know how or why they differ and therefore their ability to get the best from internal if it is even there will be in many cases limited.

Actually most of the fraud questionnaires in use are a good start because they are based in fact on the fraud triangle originally talked about by notable criminologist Donald Cressey back in the 1960s and 70s. This is the triangle of means, motivation and rationalisation or self-justification. It is based on the idea that if a person hasn’t got the opportunity to get around the system, doesn’t really need to and thinks it would be wrong to, then the chances of that person committing fraud are extremely remote. If on the other hand a person thinks that they know how to get away with it, need the money and also think they deserve to do it, then the fraudulent activity by that person is virtually certain. Various permutations of this give varying degrees of likelihood of fraud. The questions in fraud questionnaires would be good at helping to build a “fraud triangle” exercise in a given context, but only as long as the person doing it knows what they are doing both in theory and in practice. Often it is given to quite junior people to carry out and also very often in assessing audits I have seen that the answers don’t necessarily carry through to specific tests relevant to those answers, but instead increase general risk meaning that there is a likelihood that the sample sizes for other detailed substantive tests (by the way the weakest set of tests for detecting fraud) will be higher. And sometimes you are lucky to even get that much of a response.

Externals go on to make their control tests if they do recognise a key control (and on a worldwide scale I would hazard a guess that tests of controls are still done on only a small minority of audits, with most defaulting to the substantive route based really on lack of time or confidence with control work by the external audit team) and also the other big weapon they have in the arsenal is substantive analytical review. But SAR is only as good as the in-depth knowledge of the branch or business, so externals – especially those which are not branch specific as some Big Four externals are – don’t really have the sector knowledge that the internal audit team have and so their chance of noticing something that doesn’t stack up as they go through their analyses of ratios, or building of expectations and confronting to reality is not as good as that of the internal in many cases.

And then auditors finish every section by mopping up whatever needed assurance they could not derive from the earlier procedures by other substantive procedures based if done properly on a statistical sample, which is designed to get them from the assurance they got from less time-consuming procedures through to within their tolerable error (a function of risk and materiality from their perspective, which again differs from the internal auditor’s perspective which may not even be couched in money figures but in non-monetary terms). However the chances of getting at fraud looking through sampled accounting documents is miniscule, and here many external auditors do the bulk of their work.

So naturally if there is an internal audit team, an enlightened external auditor should be ver anxious to understand how they decided their work plan, what they did, and how many key controls have been checked thoroughly and how many risks are still open. If they want to give the organisation real value for money they will design tests that supplement, rather than duplicate the work of internal auditors.

Internal auditors will encourage this – they too will want to see that the organisation’s budget for external audit work goes on procedures that help to improve the risk heat map and the overall picture for the organisation. This call only be done when each side understands the other and “speaks their language”. Many internals have worked as external but not many are continually doing both types and therefore able to think through an assurance issue from both perspectives.

The Money Value of Time

The National Audit Office building, built orig...
The National Audit Office building, built originally as the Imperial Airways Empire Terminal. The statue, “Speed Wings over the World” is by Eric Broadbent” (Photo credit: Wikipedia)

According to page 2 of today’s UK Financial Times, a UK National Audit Office report shows over 6.5m people waited more than 10 minutes to get their calls answered by HMRC, adding £33m to customer’s phone bills and wasting £103m of their time last year.

This snippet of information triggered a few things that I wanted to say to you this morning. The first of these is, that, despite the fact that it is obviously pretty dire that people need to wait so long to get their calls answered by the service they are paying taxes to fund in the first place, at least in the UK there is a body which is concerened at the loss of time and places a value, in monetary terms, on that loss of time by the customer.

Anyone who has spent any time either in government offices, or even banks or supermarkets in this part of the world will probably confirm that the idea that the customer’s time is valuable and should be respected is a rather alien concept. Not so long ago it was an utterly alien concept, but even today it is still a concept which they find rather hard to grasp.

Not as bad as China, though, from what I heard and also saw. People being expected to queue all day outside the Chinese consulate for their visa and then at the very moment that the scheduled closing time of the office came the shutters come down like with Kiosk Keith and that was that. The spare time of the employees was utterly sacrosanct, that of the customer not at all. This of course shows an elitist mentality, which can be found in almost all state sector offices to one or another degree anywhere in the world. Expect it and try somehow to deal with it.

Much less acceptable is the wasting of the customer’s time in business. If the customer is paying then they have a right to have their matters expedited and people who keep people waiting ought either to invest in more infrastructure to avoid it or to wonder if they are in the right business. Continue reading “The Money Value of Time”

Audit fees bouncing back in the USA. Will Europe follow?

European flag outside the Commission
European flag outside the Commission (Photo credit: Wikipedia)

CPA Trendlines have recently run a few articles highlighting a rather brisk upturn in the fees taken by audit firms in the States, and together with that an increase in salaries as well as movement in the market for hires in audit in that country.

Europe may or may not follow the trend in the USA – on the one hand we all went down together in 2007, so hopefully we will start to rise together also, but on the other hand Europe is author of some of its own problems. The Euro crisis is far from over, credit is still not flowing in the way people had become accustomed to in those halcyon pre 2007 days, and even where there is talk about green shoots of grass out on the Eastern European green fields, it seems to be a case of “two steppes forward, one steppe back”.

Europe has been discussing the Barnier proposals for audit reform which would have given more teeth to the profession as well as reduced the oligopolistic effect of the Big Four, who seem to be using their oligopoly so as to sour the market for the middle tier and thus cement their place as fairly unthreatened by competition from the mid-tier audit firms.  In this, the smaller firms with low audit quality are their natural allies, and in places like Poland where the Big Four took effective control of the local audit chambers, the previous initiatives to force the small pensioner firms to either level up or get out of the market have been unravelled and tiny micro firms of auditors manned by geriatric owners still get to pronounce on the financial statements of even listed companies in exchange for fees which simply guarantee that they cannot possibly have done the work required to be able to make such pronouncements and back them up. Should they ever land in court they will probably not need to worry as they will be too old to get into trouble or endure sanctions for long.  Even though this status quo means that governance is largely bogus, the Oversight boards don’t seem to care and the Companies themselves are not complaining, as they save money and also don’t need to put themselves to the trouble of a proper audit, where they might actually need to answer questions and furnish documents to an auditor following a proper audit plan. And behind all this is the Big Four, knowing that this state of affairs squeezes hardest on the mid tier, as the largest companies simply must use the Big Four, and they are fighting the mid-tier for the medium sized business since the recession started and every euro counts.

Before 2007, they tended to bother less with mid-tier clients as they themselves are aware that they are not really geared up to give them what they want, and that is what the mid-tier audit firms are designed for.

The Barnier proposals initially struck hard at the Big Four, and they responded by sending armies of lobbyists to Brussels and to national governments. As a reesult of this, the European Commission is already arguing over a watered-down version of Barnier, and there is the opposing threat that has appeared from nowhere of upping the audit thresholds again.

Now it seems crazy that exactly at a time when many European governments are going to be increasing tax burdens in order to fund their return to lower sovereign debts, and therefore the motivation for taxpaying companies to cheat will be intensified, governments at the same time are talking about reducing seriously the percentage of the economies which are subjected to proper audit.

It makes no sense, but it seems that they don’t appreciate at all the value of the audit system. They are aware of the failures when they occur and concern themselves with the 1% of audits that have gone astray and ignore and legislate in an adverse way for the 99% of audits that have not gone astray. As a result the markets for audit firms have been skewed and more pressure on our prices occured and more and more pressure on time available for audits, which in turn doesn’t do much to improve auditors’ chances to spot abuses and irregularities.

So we hope that the situation will be on the mend in Europe as well, but the politicians need to wise up in order for this to happen. They need to understand that  an audit profession that is choking to death in this continent is not in anybody’s interests, and least of all in their own.

The EGIAN Position Paper in full (republished by permission) fully endorses the views expressed in this document

Enlargement of the European Union (animation)
History of the EU








The creation of a more open vibrant market in the audit of large listed companies is urgently needed to protect and advance the public interest. If no action is taken, the currently excessive levels of concentration in this segment of the audit market in nearly all Member States of the European Union will very likely continue to rise even further, not least as a result of non-Big 4 firms being taken over by their dominant Big 4 competitors in key markets. An example of how to define large listed companies is set out at the end of this paper. Continue reading “The EGIAN Position Paper in full (republished by permission) fully endorses the views expressed in this document”

It pays to avoid the BBBs (Bargain Basement Bookkeepers)

Violent Storm Strikes Western Europe
Is a storm brewing over your books and records?

I am writing to relate a story based on true events which came to light last week when one gentleman came into one of our offices and spoke to me. To keep matters confidential, I won’t say the country – the same can happen in any country – or identify anything about this company the gentleman had – even the sector. It can happen to many sectors.

This gentleman had given his company bookkeeping and tax affairs to an outsourced book-keeper for his business in that particular country. He used outsourcing back home in his own country (I’m not saying where that is either) and he appreciated the benefit of being able to have his bookkeeping professionally handled by experts without needing to employ anyone, worry about holiday cover, etc etc.

Some time ago this gentleman had included our firm in his search, and we gave him a price entirely fair for a company with our niche in the market, that is, internationally trained people, with English, with proper quality assurance, supervision and back-up.  In other words,  a peer-reviewed, branded service tailored absolutely to the needs of West European businesses in the middle tier coming to start up in East Europe, and also very good for businesses not exactly in the middle tier and from places outside West Europe.

That means that the fee offered was not nearly as high as a Big Four service would cost, but certainly higher than a purely local service.

Now I’m not knocking the purely local services – many of them are very good, but for purely local clients as they don’t tend to be claiming proficiency in foreign languages or have the ability to engage cross-culturally with the client (a source of just as many miscommunications as the language barrier on its own). They are not a great fit with the international client, and often their cheaper price becomes a false economy as frustrations rise on both sides of the desk.

The problem in this case wasn’t lack of English – this gentleman’s chosen bookkeeper spoke English, apparently.

But she was in business just on her own. With no back-up employees, probably very little insurance, probably very few resources to turn to, and very few overheads hence enabling a price no quality firm could ever compete with. That was the price that tempted this gentleman to take her bid over mine.

But since then, it became apparent that this bookkeeper was not entirely what she seemed to be.

Neither this gentleman nor myself are qualified psychiatrists, and we could only speculate on what might have gone wrong, or been wrong all along with this person. The fact is, though, that mental illness happens in the human population. We’ve probably all had employees or acquaintances who have had a mental illness, and in a larger company they quickly get noticed by colleagues, and steps taken to look after them and safeguard the clients’ affairs. When they are on their own, no such controls exist.

Suffice it to say this lady no longer was answering emails or picking up the telephone when he was calling, and when he rang from another number she didn’t know, she put the phone down when she heard his voice – the person entrusted with his company’s books and records and processing a VAT reclaim for more money than she would normally earn in many years. As you can see, the situation is now much harder – and therefore more costly – for us to repair than if he had simply given us the work in the first place.

It simply doesn’t pay to use these Bargain Basement Bookkeepers. You know what you get if you pay peanuts, and if a price looks too good to be true, it probably is.

Dlaczego potrzebujemy RMUA u lekarza?

Logo of the Social Insurance Institution of Poland
Poland's Social Insurance logo

In the following article produced for the benefit of their clients but included here for general interest, is an article by one of Luxmed’s experts showing why it is that in Poland even privately insured patients still may be required by their doctor to possess proof of social insurance under certain circumstances.


Zgodnie z Ustawą o świadczeniach opieki zdrowotnej finansowanych ze środków publicznych, lekarz ma prawo odmówić wystawienia recepty na leki refundowane, jeżeli Pacjent nie przedstawi dowodu aktualnego ubezpieczenia. Takim dowodem może być każdy dokument potwierdzający prawo do świadczeń opieki zdrowotnej finansowanych ze środków NFZ, w szczególności dokument potwierdzający opłacenie składki ubezpieczenia zdrowotnego. Continue reading “Dlaczego potrzebujemy RMUA u lekarza?”

Domain names scam – what to do if affected

World Map Politic 2005 with ccTLDs - LQ version
CCTLD map from Wikipedia

You may have received e-mail (especially from Chinese and Hong Kong companies relating to .cn domains bearing your name if you didn’t register in China, but now more commonly in East Europe also) which says that if you use these people’s services they can prevent your name’s domain in that country from getting blocked.

Now this email gets sent out all over the world to addresses harvested from the internet page and chats and from usenet fora by robots, and of course the people behind the email cannot really afford to block every single domain that they are fishing for.  The one sure fire way of making sure that they do block your domain is if you respond to them, whether with threats or with asking for the help, even in terms of “what it would cost”. I suggest you only do this if you don’t want the domain really and have no intention of buying it, as if you are lucky it will lead the scammers into real cash outlay which they’ll never see any return on. I highly encourage that! Maybe some of these pests will stop it if they see that enough internet users are wise to them and don’t mind leading them up a garden path…

You can always search here on EuroDNS (in the interests of transparency that affiliate link earns 10% of anything you buy after you go there, but it shouldn’t cost you more and it’s the service I use myself) and see what the status is of all of your possible combinations of your name and the country endings or generic endings, as well as check the Whois status of all these countries, both Europe and Asia, all in one place. You will probably find that nobody has blocked your domain at all, and if you are interested in owning the domain you can block it there and then. They are ethical and I never had a problem with them that the owner didn’t solve within a week. If they are not contactable one day you can usually get them the next day. Continue reading “Domain names scam – what to do if affected”