ICAEW.com works better with JavaScript enabled.

How auditors can effectively challenge management

Author: ICAEW Insights

Published: 27 Jan 2023

Challenging management has been a focus for auditors in recent years. Personal curiosity, an understanding of human nature and a supportive firm culture are critical for making it work.

Management challenge has been of particular focus during the audit reform agenda of the past few years. The Financial Reporting Council (FRC) says it believes that challenge of management is a major struggle for firms. 

“The most significant quality issues identified by the FRC over a number of years involve the inconsistent application of professional scepticism and challenge, resulting in the poor application of professional judgement,” it states in its recent publication, What Makes a Good Environment for Auditor Scepticism and Challenge. “Displaying this mindset and behaviour forms the foundation of a high-quality audit.”

When it comes to fraud, auditors need to consider the integrity and ethics of management, internal controls, and the plausibility of explanations regarding any irregularities, explains Jan Babiak, Audit Committee Chair for the Bank of Montreal and Walgreens Boots Alliance, and Senior Independent Director at private Australian engineering company GHD Group. 

“I want the question of fraud to be on everyone’s mind,” she explains. “Not to be cynical, but to think: if someone wanted to perpetrate a fraud, how would they go about doing it? Would it be easy in this system? If so, what internal control risk does that focus on? The audit standards make it clear that you've got to have a presumed risk of management override. I think there should also be a presumed risk of opportunity for fraud.”

It is not, and never should be, the auditor’s job to find all of the frauds within an organisation. Large organisations have whistleblower lines and other measures to deal with smaller, more manageable instances of fraud. The focus for auditors, says Babiak, should be on management, which has the ultimate responsibility for tackling fraud within the organisation. 

The management mindset can often be quite trusting, says Babiak. While not a bad thing, it can sometimes blind managers to opportunities for fraud as they cannot believe their colleagues are capable of it. 

Babiak recalls one of the first frauds she was ever involved with: a computer fraud perpetrated by a popular member of staff who ran the general ledger for the company. She was inputting a higher amount for the company’s utility bills and putting the difference into her bank account. Babiak looked into the other members of staff that had access to the system and realised that the IT director had access to everything with no oversight whatsoever. “When I raised this, the response was: ‘He would never do that.’ There's a tendency on management to trust. We need to make sure that we're not distrusting – trust, but verify.”

Auditors are drawn to assessing processes; it’s what they’re trained to do, says Jock Lennox,  Audit Committee Chair of Barratt Developments plc and Chair of the Audit Committee Chairs’ Independent Forum (ACCIF). But that needs context to effectively challenge management, he says: “It's far easier to understand and get an assessment of whether someone really understands what they're doing by speaking to them, rather than following some sort of paper trail.”

Babiak broadly agrees that auditors tend to be less equipped to deal with the people side of an audit through their usual qualifications: “We’re trained how to deal with all kinds of things, but no one trains us in how to identify a psychopath or a well-equipped liar. We naturally tend to assume that everyone is like us, which is basically honest.”

Lennox wants auditors to have an independently determined view on what the business is trying to do, the risks that it faces and how it controls those risks. That should guide the evidence that the auditor wants to see to satisfy themselves that the organisation has properly reflected its operations and performance. “Through that process, they will be challenging management. But if you focus on purely challenging management without thinking through the core of what you're trying to do, I'm not sure that's an effective model,” he says.

Approaching an audit with an independent, inquisitive mindset should naturally generate a degree of challenge, says Lennox. The auditor is seeking to understand what is happening and using their experience and knowledge to assess whether they agree with management’s interpretation of that. “It's very important that the auditor has their own view, which they establish, so that challenge is substantive and founded as opposed to challenge for challenge sake.”

It’s also important that auditors are getting the support they need from more senior auditors and partners. Babiak recalls another time, as a first-year auditor, where she questioned the cash-in-hand nature of plane sales at a small airport, only to be told by a manager that she was too cynical. A few years later, it was revealed that fraud, money laundering and other criminal activity was taking place within the organisation. “It’s about recognising that everyone has that obligation to dissent and everyone should be listening,” she says.

“I would like to see auditors that are more comfortable getting away from their process and technology,” adds Lennox. “That should be the support rather than the raison d’être. I want them to try to understand the personal motivations of the people responsible for the businesses that they're auditing.”

Recommended content

Insights special
Belay
Restoring trust in audit and corporate governance

‘Restoring trust in audit and corporate governance’ is the BEIS white paper that sets out proposals on strengthening the UK’s corporate governance framework and the way companies are audited. Read ICAEW’s views on the consultation, explore what restoring trust means, and share information on the reform agenda.

ICAEW Faculty
ICAEW's Audit and Assurance Faculty can help you stay ahead of the curve with its essential guidance and technical advice.
Audit and Assurance

An internationally recognised network of professionals focused on keeping ahead of the changes to the audit and assurance landscape.

Find out more
Resources
A hand pointing at a graph on a screen
Economic crime

In these articles and videos, we explore the latest trends and perspectives on economic crime from around the world, and look at how chartered accountants can help prevent it happening.

See more
Open AddCPD icon

Add Verified CPD Activity

Introducing AddCPD, a new way to record your CPD activities!

Log in to start using the AddCPD tool. Available only to ICAEW members.

Add this page to your CPD activity

Step 1 of 3
Download recorded
Download not recorded

Please download the related document if you wish to add this activity to your record

What time are you claiming for this activity?
Mandatory fields

Add this page to your CPD activity

Step 2 of 3
Mandatory field

Add activity to my record

Step 3 of 3
Mandatory field

Activity added

An error has occurred
Please try again

If the problem persists please contact our helpline on +44 (0)1908 248 250