The word “auditor” often raises an unflattering picture in the business marketplace of a drudge buried in numbers. “Many people have the view that they are lifeless checkers of details,” says John Hall of Hall Consulting in Vail, Colorado, “which sets expectations very low.”
In ferreting out the source of this image, Hall has concluded that auditors themselves are to blame. “The stereotype for any group comes from the group,” he says, “and part of what we need to do is educate people about what auditors could be doing with the wide experience they have.”
Hall will offer a seminar for internal auditors on “High Impact Auditing Practices That Pay,” on Thursday, March 14, from 8 a.m. to 4:30 p.m., for the Institute of Internal Auditors, Central Jersey Chapter, at Deloitte & Touche, 500 College Road East. Cost: $175; $75 for government employees. For more information, E-mail email@example.com.
At the seminar Hall will talk about how internal auditors can reframe the thinking of management to see them as partners in the survival of a business or organization — “in the worst case, about what went wrong, but also as a gatherer of best practices and knowledge transfer to other divisions, locations, and even countries within the company.”
Hall has adopted his own explanation of what an auditor does, in the form of a very short elevator speech. When he was on an airplane recently and his seatmate asked him what he did, he responded, “I’m a professional observer.”
Clients call him in to observe a business situation where performance is not meeting management expectations in terms of goals, objectives, budgets, projections, or even computer security or third-party relationships. “I test, interview, analyze information, draw conclusions,” says Hall. “Then I report back to management what my observations were and what I think, based on my experience, might work better.”
To explain the breadth of his own work and that of other auditors, Hall offers examples of three ways that a business, nonprofit, or the government might profit from bringing in an auditor:
Drawing conclusions from best practices. One of Hall’s current clients is a big real estate developer in Bellingham, Washington. His client is quite happy with the construction contractor who is finishing up a condominium apartment building for him in downtown Seattle — bringing in the project on time and even saving him some money.
Seeing this success, the developer wanted to learn how the contractor managed to work so effectively and gave Hall the following instruction: “Go in and study their success story, and give us five things we can translate from that example into all of our other projects.”
Looking at an area of an organization subject to a specific risk. An internal auditor might, for example, explore an area like technological or product risk, always trying to answer the question: What could go wrong?
Suppose a company is building a new headquarters on Route 1 and has to engage a construction contractor. The two entities specify exactly what their relationship will be in the form of a budget and a contract, and then the auditors evaluate the risk inherent in the relationship between the corporation and the third-party contractor.
“If you have enough experience, you can read through the construction contract and pick out some of the strong and weak points,” says Hall. Assume the corporation is paying the contractor for building costs plus 15 percent for overhead and profit. The contract should include nitty-gritty specifications, like whether lumber cost will be figured based on average cost or on the cost of a particular load of lumber. The auditor will verify costs, invoices, checks written, and timesheets, and add up the actual costs.
The auditor would look first at the project when it is 40 percent done, then 80 percent, and certainly at 100 percent. “Anytime you have a third-party relationship, there are on-site issues,” says Hall. “You find rock on the site, or the price of steel has gone up.” It is best to catch these business issues early on and talk through them, he says, and auditors, even internal ones, are trained to provide an objective viewpoint.
Ensuring the functioning of internal systems. An auditing team in a big corporation will include several types of certified professionals: certified public accountants, who often come from outside public accounting firms and specialize in financial reviews; certified internal auditors, who may be experts in compliance and other areas; information systems auditors, who will do penetration studies on a new computer system trying to hack it and uncover its security vulnerabilities; and fraud examiners.
For example, internal auditors knowledgeable about regulations and compliance with them are useful when the federal government gives money to the New Jersey Department of Education to distribute to local school districts. The funds may go for teacher aides, television sets, lunch programs, or other needs; but they must be allocated in line with the federal funds disbursement regulations. Similarly, the distribution of the money from the federal government to help restore areas hit by Hurricane Sandy must be distributed in compliance with regulations.
Hall grew up in a row house in a Catholic neighborhood in north Philadelphia. His father was at the Liberty Mutual Insurance Company, where he worked his way up from claims manager for workers compensation, mostly for stevedores at the Philadelphia docks, to division claims manager, with oversight over claims for the entire middle-Atlantic region. His mother stayed at home except when she went to work as a telephone operator while three of her five children were in college.
At Penn State, Hall studied accounting, because “it seemed like a good background for anything.” He worked for five years at Coopers and Lybrand as a staff auditor for big organizations, including Mellon Bank, the University of Pennsylvania, and Sun Oil Company.
After two years at UGI, at one time the largest gas utility in the country before it split half a century ago, as internal audit manager, a headhunter called him with an opportunity at Bell Atlantic, a company that today is known as Verizon.
Five years later, in 1990, Hall decided to go out on his own, which he had wanted to do for a long time. His work varies: he speaks and does seminars 80 to 100 times a year, does hands-on work at client locations, and does a fair amount of consulting that consists of providing higher-level advice based on his experience. Recently he also published a book, “Do What You Can: Simple Steps — Extraordinary Results,” that helps auditors do their job better. Rather than focusing on current practices, it suggests that auditors focus on where a business wants to go.
Whereas auditors may have gotten a bad rap among the general public, they do far more than just looking for neglect and shortfalls. The person who sat next to Hall on the airplane, having heard his explanation of auditing, concluded, “Oh, my, you’re some sort of consultant,” which is very different from being a “lifeless checker of details.”
So Hall has a word of advice to auditors — to share what they do first and only to share the name of their profession after their clients understand what they can contribute. “If you lead with the ‘auditor’ word,” he says, “it brings up the stereotypes.”