I wonder how we arrived at this perplexing state so quickly. It wasn’t long ago that I lamented the declining number of journalists who were holding governments accountable. Now those remaining journalists are finding their news reports and facts being challenged. Similarly, the conclusions of the scientific community are being questioned by nonscientific skeptics.
The mistrust has reached the point where some of the public vehemently reject traditional sources of information and seek their own sources of facts, which they then adopt in their thinking and conclusions.
If reporters and scientists can be disbelieved, could auditing suffer a similar fate? Sometimes conflict with people we audit can’t be—and shouldn’t be—avoided. You hitch up your nerve and look agency management in the eye and calmly explain problems they should have known and didn’t fix. That’s why you’re paid as much as the department heads you’re auditing. You’re not? Bummer.
If you have maintained good communications during the audit, management shouldn’t be surprised when they see the draft. You should follow the notion put forth by Ronald Heifetz and Marty Linsky in their book, Leadership on the Line: Staying Alive through the Dangers of Leading, by giving out bad news in a series of doses that management can handle.
Auditors know how difficult it can be to muster facts to develop findings, workpaper by workpaper and draft after draft, in order to get the language right. In contrast, someone can easily broadcast misinformation, or worse, distrust and skepticism about others’ information. Mark Twain had a good quote: “A lie can travel halfway around the world before the truth can get its shoes on.”
What should auditors do in these times when few reporters hold local government accountable, and there is less public confidence in facts? Of course, we should continue to follow Standards. They are grounded in the concepts of objectivity, independence, competence, and quality control, all of which establish trust.
We can do more though. I’ve been reading a 2008 book by Stephen M. R. Covey called The Speed of Trust: The One Thing that Changes Everything. (London, England: Simon & Schuster) It’s not a long book, and I strongly encourage you to read it because many of its ideas relate to auditing. True, it is directed more at business managers, with many of its examples drawn from that world, but the concepts are fundamental to ours as well. Covey describes the characteristics that build trust within our organizations, and how we can gain the trust of others outside our organization.
Auditors seek to be trusted because credibility is key. Covey values trust for reasons beyond just credibility, which I’ll talk about in a bit.
He introduces four “cores” which people use to assess a person: integrity, intent, capability, and results. Integrity means that a person acts in harmony with their deepest values and beliefs. He could have lifted his definition from our Standards which state that “Acting with integrity means that auditors place priority on their responsibilities to the public interest.” (3.10)
Covey describes intent as the positive motives and actions that a person pursues. Auditors with an intent to improve an agency’s operations will be perceived as more trusted. The third core is capability, which is the power to perform our work with excellence. Auditors need to be smart enough to produce an audit with persuasive findings. Lastly, we are judged by results, which will take some time to accrue, but connect all the promises and potentials to something real.
If you and your fellow auditors exhibit these characteristics, you are likely to have calmer meetings with management about draft audit findings. They may disagree with your evidence, wording, or conclusions but they will not resort to attacks on your integrity or intent. If you did your work well, management will discover you are indeed capable of developing worthwhile results.
Covey extends these four cores to organizations. The reputation of a business is dependent on that same notion of trust. Businesses devote so much attention to their brand because they want customers to attach trust to it. Auditors have a brand, and trustworthiness is our key characteristic. We have other characteristics not so endearing, like “boring” and “geeky.” I can live with the boring and geeky to preserve that precious trustworthiness.
Covey notes that the reputation of trust is built from the organization out. Businesses can’t buy advertising to be trusted, but must weave it into the fabric of the organization. To make that work, the leaders must show the characteristics that build trust and model the behavior for everyone within the organization.
None of these core elements are a stretch for auditors. I would add courage, though, because it is most important in these times. Auditors need courage to pursue contentious topics, and to respond when their findings are questioned, as is happening in other professions that rely on trustworthiness.
The danger of being challenged always exists, and auditors are practiced at defending their work with auditees. Yet a survival instinct might induce an auditor to select lower risk audit topics, even though it will always be in the public interest for auditors to report a discomfiting truth. To do any less violates our Standards. Fear compromises auditor independence.
Covey describes thirteen behaviors, listed on the left in the table below, that can earn you and your organization more trust. These are aspects of character as well as words and actions. If you have ever known or worked for someone who built a trusting relationship you will recognize those behaviors.
Covey also describes the opposite: behaviors that break trust with others. Read down the right column to see if the words evoke someone you knew, or know. Even one or two of the behaviors can break trust and create lasting bad memories of someone who abused the truth and everyone around him. I’ve always believed that we can learn as much from a bad boss as a good boss. The bad stuff stands out, and lives in our memory as an example of what not to do.
| Build Trust | Break Trust |
| Talk Straight | Lie, spin, tell half-truths, double-talk, flatter |
| Demonstrate Respect | Don’t care, don’t show you care, show disrespect, or show respect only for those who can do something for you |
| Create Transparency | Withhold information, keep secrets, create illusions, pretend |
| Right Wrongs | Don’t admit or repair mistakes, cover up mistakes |
| Show Loyalty | Sell others out, take the credit yourself, sweet-talk people to their faces, bad-mouth them behind their backs |
| Deliver Results | Fail to deliver, deliver on activities not results |
| Get Better | Deteriorate, don’t invest in improvement, force every problem into your one solution |
| Confront Reality | Bury your head in the sand, focus on busywork while skirting the real issues |
| Clarify Expectations | Assume expectations or don’t disclose them, create vague and shifting expectations |
| Practice Accountability | Don’t take responsibility, “It’s not my fault!”, don’t hold others accountable |
| Listen First | Don’t listen, speak first, pretend to listen, listen without understanding |
| Keep Commitments | Break commitments, violate promises, make vague and elusive commitments or don’t make any commitments |
| Extend Trust | Withhold trust, fake trust and then “snoopervise,” give responsibility without authority. |
The last behavior in his list is worth some discussion. Trust is more problematic in government, and especially auditing. Covey’s theme in the book is that trust as a tangible asset that allows for faster decisions and actions by organizations. Distrust is an impediment to the speed and cost of our interactions. He cites surveys and statistics that show the decline in trust that the public has for its fellow community members, and for various professions.
He also cites examples of major business transactions that concluded quickly and successfully because the leaders trusted each other. A leading organization asked its employees, “Do you trust your boss?” It found that the answer was the better predictor of performance than any other question.
Here is his summary about extending trust:
“Demonstrate a propensity to trust. Extend trust abundantly to those who earned your trust. Extend trust conditionally to those who are earning your trust. Learn how to appropriately extend trust to others based on the situation, risk and credibility (character and competence) of the people involved. But have a propensity to trust. Don’t withhold trust because there is risk involved.”
What struck me in all this was the context in government. Distrust is institutionalized in government actions and decision-making. All written bids must satisfy an agency’s cost and quality requirements. Job applicants will be hired on the basis of documented merit. Agreements between agencies must be detailed, often involving attorneys, and pass the highest levels of scrutiny. We know all these requirements because we’ve audited them. We call it accountability.
And accountability is an impediment to the cost and speed of government. We structure our governments to limit powers and establish accountability mechanisms. Applying that approach to all levels of government has its costs. And there is no inducement in government to trust anyone, or to limit the burden of procedures and documentation. As a result, there is little control on the accountability costs in government. It is how procedures manuals for social workers can exceed one thousand pages. The only countervailing force I’ve encountered are Lean initiatives, but they happen irregularly, and carry their own burden of procedures and ongoing documentation. Businesses have few accountability burdens except the bottom line, which is why they excel at speed and cost.
In the same manner, our auditing procedures are built on distrust. We question the stories told us by the managers we interview and seek objective evidence to support or refute them. We call it “professional skepticism” which boasts many more impressive-sounding syllables than “distrust.”
If that strategy doesn’t work, here’s a story about addressing the core of their concerns. I had just started with the state and the team was wrapping up an audit of the failure of county district attorneys to participate in a state program. The team was meeting with the chair of the state district attorneys association, who had signaled his unhappiness with the draft. I always considered it my job to be there for tough situations and to defend my teams.
As we were driving to his county seat, I asked the two auditors how they made decisions about changes to the draft. They said that they were expected to talk through the draft but only write down agency concerns and take them back to the office for consideration by the managers. I told them that in future exit meetings they could make wording changes that clarified, corrected, or had little consequence to the finding.
We went into the district attorney’s office and he started the meeting with an attack on the wording in the audit as well as the audit team which he implied was basically clueless. (Key lesson: bring them back to the audit report. It’s not about you.] I asked him to show me some wording that bothered him.
“Well, here,” he said, flipping through the pages, “You say ‘the district attorneys claim they don’t have the resources to do all the paperwork.’ You make it sound like you doubt us.”
“How about if we change that to ‘the district attorneys stated that they don’t have the resources?” I asked.
And just like that, all his loud and blustery manner slipped away. Sometimes it’s just a word here and there in the draft. Changing a word also signals that we are listening and responding in a constructive way. If the team had followed the office practice and refused to change the language, they would have suffered a long and bruising meeting, because that word was on the last page of the audit.
Another lesson to take from that audit team is that allowing them to edit—extending some trust—would have made their jobs easier. They were competent, experienced auditors and deserved to be trusted with some of the decision-making. Trust is an important component within an effective organization.
These kinds of strategies establish a respectful dialogue between the auditor and the agency. Underlying all of it is that notion of building trust.
Our auditing procedures also build distrust into our own organizations. Auditors need to be supervised and their work independently reviewed for quality, and to comply with our Standards. And to satisfy peer reviewers we must produce plenty of documents of those interactions.
My question to you: could your audit procedures reflect more trust in the interest of saving time? Imagine this: how long would it take your auditors to produce an audit report that had all the evidence but didn’t have all the overhead of Standards? You can only estimate, but if you are spending twice the hours necessary is there anything you could do to streamline your procedures?
Think about all the ways you double-, triple-, quadruple-check your work, including review by the audited agency. There is that description, “a belt and suspenders man.” We go way beyond those two inventions to keep our auditing pants up. Do you only feel confident with two belts and three pair of suspenders?
I worked in several organizations, participated in several peer reviews, and saw many different ways that auditors met Standards. As I’ve pointed out before, there are no clear guidelines for sufficient evidence or “a system of quality control” because it comes down to auditor judgment.
A “propensity to trust” for an auditor is unsettling. But Covey acknowledges that situations vary and people should extend or withhold trust accordingly. If you, as a supervisor, trust that a veteran auditor knows the requirements of evidence and documentation, do you need to review every workpaper as it’s produced? When someone examines that indexed workpaper later, and its reference to the draft, would that verification be sufficient? Of course, you could review select workpapers as they are developed, but for different purposes, such as understanding an issue, or looking at a high-risk analysis.
In contrast, a newly hired auditor needs and hopefully seeks out coaching to ensure that workpapers are properly done and sufficient evidence is gathered. The “situation, risk, and credibility” of this rookie are uncertain, so much more scrutiny is needed.
Dealing with agencies you audit offers a similar range of situations. If you are auditing for the first time in a program where you have little history, and the director is uncooperative, you would rightly proceed with caution, and not trust.
Suppose you find evidence of a problem and the managers acknowledge it exists, and wish they could figure out how to fix it. Where should you allocate your audit efforts? Should you put 85% of your hours into proving the problem exists and only 15% into trying to find a recommended solution? Or would it be more worthwhile to put 50% into documenting the problem and 50% into researching the best solution?
This sounds like I am contradicting what I said earlier that shortcuts would expose the auditor to more error and undermine public trust. I argue that sufficient accountability is necessary but “an overabundance of caution” runs against the public interest. If you have four different auditing checks on your evidence, would only three really make you less confident? If auditees agree with a finding, how much more work do you really need to conduct, and where would it provide the most benefit? And if you could cut 10% or 15% of the time an audit currently takes, wouldn’t that be a wise use of public dollars?
I am not arguing against Standards or abandoning care and caution, just advocating for some consideration of audit risk in the extent of work needed to achieve sufficiency of evidence and quality control. There are so many more important audits to do. Prolonging some of them may not be so necessary.
As many people have lost trust in institutions, and even in facts, we have a professional responsibility to devote ourselves to the behaviors in the left column of Covey’s table. We must all contribute to a workplace that embodies trust. Fundamentally, I’m hoping more people will earn and extend trust in these times, just like Covey argues in his book. We need to ensure we have a good balance: to continue our practices that make us trusted and to evaluate where some additional trust can help us accomplish more in less time.
