Going through an audit is rarely an enjoyable business experience. Whether it comes from inside or outside the company, an audit can feel as though strangers are picking you apart and telling you how best to do your job. However, it’s important to take the audit report recommendations seriously. Failing to comply with its guidance exposes your company to greater risks.
Know Your Audit
Audits can come in many forms. Internal audits are undertaken by employees within the organization, while external audits are conducted by a separate and independent organization. Both audit efforts aim to provide an objective voice into business operations and discover areas with deficiencies or inefficiencies. Audits can target a number of different areas, including financial, operational, information systems, investigative and other topics. Every audit has its own response pressures that determines the risks faced by noncompliance.
Reduce Your Risk
Audit reports don’t make policy. Developing policies to address issues found in an audit ultimately is a management responsibility. The reports do, however, make recommendations for correcting perceived deficiencies and detail the potential problems that the entity faces if action is not taken to correct them. Therefore, one of the first things to remember when reading the report is that failing to comply with recommendations from an audit report may put your company at greater risk. If an independent audit finds an area of concern and you elect to ignore it, you can find yourself in hot water very quickly if you’re wrong. Failure to act on audit report recommendations for correcting financial reporting weaknesses or potential safety issues can increase the risks of lawsuits, or even criminal prosecution, if they manifest themselves in the future.
A business doesn’t always have to comply with specific recommendations that an audit team comes up with. Indeed, auditors, particularly coming from the outside, may be better at recognizing that a problem exists than they are determining the best solution for your particular company to correct it. The company does, however, have to address the concerns. If an internal audit finds that there’s an inadequate separation of duties and gives an opinion on how it should be fixed, and your company wants to try a different approach that still corrects the problem, it can usually do so. But if an audit finds instances of noncompliance, a company has to get back into compliance one way or another.
Pick Your Battles
Some audits carry more authority, particularly when they come as part of oversight from a government agency, and therefore are more difficult to disagree with. Once the report for these audits has been issued, it can be very hard to get the recommendations changed. If your objection is a lack of resources required to fulfill the request, make that clear and ask for an extension if needed. Depending on the type of audit, the organization conducting the audit may also be charged with monitoring the status of the implementation of its recommendations. If that’s the case, failure to comply with the recommendations may be seen as an indication that a company is deliberately being uncooperative, in which case it may risk severe sanctions.
In many cases, the results of external audits can be released with or without the consent of the audited company. For example, when government agencies perform an external audit, its results can often be discovered by the general public. In that case, failure to comply with audit report recommendations may bring additional scrutiny, since a wider audience will be aware of what was suggested.