The management had complained that there are inconstancies among the audit reports. In one year, the auditor’s report would include few exceptions and the second year another auditor would audit the same business unit and have more exceptions than the pervious audit. The management claimed that the business risk did not increase. How can we eliminate inconstancies among the audit reports and auditors? Thank you for your input.

Without knowing the specifics of the situation, it could be many things that cause the variance.

What type of exceptions are you noting? If they are compliance violations that would be obvious to anyone that understands the regulations and principles of the audit, this could be an issue. If they are more of a questioning nature within the transactions themselves, it can be a judgement call.

Are the two audits being done for the same time period? Are the persons both using random samples or are they viewing the same data? All these things are issues that come into play.

In the world of accounting and thus flowing into audits, no two persons will view everything in the same way. Though the deviation in opinion should be limited for the most part, where personal experience and judgement can enter the picture there can be extreme differences.

In order to make the auditors more in tune with the opinions of others, you may wish to do some training exercises in which they are all asked to review the same information and make their notes. At the end of a designated time period they should all be brought together to go over their findings. It is amazing to see what interpretations can do with a group atmosphere. You will allow the group to learn from one another and understand the difference in viewpoint at the same time.

As mentioned previously, the specific circumstances would be helpful in evaluating the situation, but here are a couple of thoughts.

The larger the department (and in a previous post you mentioned having a large department), the more difficult it becomes to be consistent from one audit to the next. The primary control point should be the review and approval of the Chief Audit Executive (CAE) / Manager. The CAE is responsible for ensuring that each audit is properly planned and that appropriate audit procedures and sampling are used. The CAE is also responsible for reviewing and approving the audit procedures, findings, recommendations, etc. Therefore, true inconsistencies need to be corrected by the CAE.

That said, there will always be valid reasons for there to be some differences from report to report: increased scope due to a change in perceived risk or audit resources, changes in environment (i.e. 9/11 and the impact on business continuity), different sampling methodologies, etc. This topic is addressed in more detail in a previous post.

Bottom line, try to get past the political issue ("what changed or why didn't you catch it last time") and focus on whether the risk is there now...you can't change the past.