A Chief Executive has continually accused his IT team of sending series of financial requests to resolve varying issues in the department. He described the frequency of request and the amount involved as “sickening”. The cumulative amount of money involved was a pain point for the CEO. In a bid to grasp the state of affairs of the IT department, the CEO hired an IT Auditor to meet with the Head, IT to assess the operations of the department.
Pre-audit meeting held with the IT department and Internal Audit revealed that the CEO singlehandedly hired the audit firm without recourse to the auditees and internal audit. Hence, the audit could not commence and the CEO was informed of the potential impact of his move.
The likely consequence of the CEO’s action is the difficulty in gaining the cooperation and support of auditees. The auditees need to admit that frequent requests emanating from the continuous breakdown of devices or any other tech-related issues call for a review of the organization's IT portfolio management. They must acknowledge there are problems and solutions are needed.
Internal audit, on the other hand, ought to be consulted since they are to complement the efforts of the external auditor and vice versa. The audit findings, recommendations, and follow-up audit would be monitored by them.
Stakeholders engagement is important in having a successful audit. Underestimating the power of an auditee in a potential audit leaves an auditor with the risk of having inaccuracies in his/her judgments.