Does "one size fits all" audit really work?

At the Phoenix Auditing Roundtable meeting earlier this month, one internal auditor described her company’s “One Audit” concept. It is a comprehensive  audit that includes EHS, finance and IT auditors in ONE team. Instead of having three or four different audit teams auditing specific functions of the company, a large team shows up at one time and does it all.
The main rationale cited at the presentation was that senior management was tired of having to spend time with 4 separate teams and preferred to spend time with just one large team at one time.
This rationale begs the question: Is the internal auditing process being modified  for the convenience of senior management? Or should it be done to uncover issues that need to be addressed regardless of the “inconvenience” that it impose on management?
A similar sentiment came up in another session (my session) when the question was posed to the audience of auditors: Should you be hiring the same external auditor year after year? Or should you be hiring new external auditors very few years to get a fresh set of eyes?
Many internal auditors were adamant that the same external auditors be hired because these auditors know the company’s process and procedures and would ask fewer questions and therefore take up less time of management.
Setting aside the adage “familiarity breeds contempt”, does this mindset of “not inconveniencing management” really serve the company well?
0 Comments

Environmental auditor's duty to report

As an environmental auditor, what are your responsibilities if you find violations that pose imminent danger to public health or the environment? Do you tell your client right away about your findings and tell your client to cease the practice and report to the agencies? What if your client refuses to report to the agencies? What if your client refuses to stop the illegal practice that is causing imminent danger to the public?

What are your responsibilities? Can you hide behind the confidentiality clause in your retainer agreement with your client? What about the joint and several liabilities in most environmental laws? Are you in legal jeopardy if you ignore the imminent dangers?

These are all very interesting questions that are being raised in a
discussion group in Linkedin.
My take is that faced with an imminent danger to pubic health, you have a duty to tell your client to cease its practice immediately and report to the appropriate agencies. And if the client refuses to heed your advice, you have a duty to “turn him in” given the imminent harm nature.
0 Comments