On the Frontlines: The Perils of Over-auditing
Blogs David O'Regan, CIA, LittD Aug 24, 2022
The Benefits of Auditing
Auditing has served humanity by building bridges of trust between competing social interests. The auditing of financial statements, for example, strengthens the orderly conduct of commerce and government by promoting accountability. Around the world, it facilitates the smooth operation of markets and narrows the gaps between governments and citizens. Meanwhile, internal auditors provide assurance on the effective and efficient administration of our institutions. In these ways, auditing protects the social fabric by providing trust among stakeholder interests, making civilized living possible.
If you find exaggeration in my claims of auditing's civilizing mission, then consider a counterfactual, audit-less world. A world in which organizations issue whimsical or misleading financial statements with no oversight. A world in which large organizations evade internal scrutiny. The result would be chaos.
Nonetheless, having acknowledged the value of auditing, we may ponder the dangers of having too much of a good thing.
The Audit "Explosion"
Professor Michael Power of the London School of Economics alerted us in the 1990s to the risks of an "audit explosion." At the time, I found his warnings convincing, yet his concerns remain unresolved a quarter-century later. An unrelenting proliferation of audit-like activities continues. We now have quality audits, environmental audits, intellectual property audits, medical audits, royalty audits, teaching audits, disinformation audits, misinformation audits, and many more besides. A "wall" of verification activities has encircled our civic life.
The Perils of Excessive Surveillance
Although auditors' assurances continue their contribution to the orderly conduct of human affairs, the inexorable rate at which audit-like activities are insinuating themselves in the sinews of our institutions is troubling. The time, energy, and opportunity costs of maintaining burdensome layers of frequently overlapping assurance systems point to a deep malaise. They strike me as symptomatic of a global loss of faith in our institutions and in our political and business leaderships.
We may be troubled not only by the proliferation of verification activities, but also by their heavily proceduralized nature. Checklist-based assurance has the advantage of eliminating idiosyncratic judgment and, thereby, enhancing reliability. But excessive box-ticking might be understood as a social pathology. I suspect that the growing "wall" of checklist-based assurance conveys superficial signals of orderliness that barely mask our increasing social, political, and economic disorder. And the creation of smokescreens of surveillance through formulaic routines and boilerplate language obscures trends of institutional decay.
However, it would be harsh to pin the blame for the unremitting "audit explosion" solely at the door of auditors. Our bloated industries of surveillance are probably a sign (rather than the cause) of declining social trust. A multiplicity of assurance mechanisms serves as a collective means of alleviating anxiety as our institutions increasingly falter and fail.
What Can Be Done?
Taken individually, most elements in the "wall" of surveillance have grounds for legitimacy. The external auditor rightly justifies his or her audits in terms of their economic and social benefits. Internal auditors, too, defend their audit activity on the solid grounds of bolstering institutional governance. And other providers of assurance respond similarly for their categories of audit activity. The problem is not at the level of the individual brick in the wall — it is at the aggregate level of the wall itself. And, it seems to me, a reversal of the "audit explosion" is unlikely to arise from below, owing to co-ordination challenges between the providers of competing categories of assurance. A political solution is the only realistic way out of the current mess, in terms of the regulation (or deregulation in some cases) of our verification industries.
In the meantime, how should the internal auditing profession react to the "audit explosion?" Is there is a danger that internal auditing will be caught up in a wider public lassitude at the bloated surveillance industries and perceived as simply another brick in the wall of verification?
I think that internal auditors are well-placed to ride out the current wave of excessive verification with its social utility not only preserved but enhanced. Internal auditing is perhaps the form of modern assurance in which the exercise of practical wisdom most clearly dominates over checklist box-ticking. Internal auditing requires the application of judgment to an astonishingly wide range of activities and, at its best, involves the kind of empirical wisdom that the ancient Greek philosophers called phrónēsis.
In the eyes of many, there is something wretched in the extent and nature of modern verification activities. Byzantine surveillance practices have increasingly subordinated judgment to dispiriting, checklist-based formalities. In contrast, internal auditing is founded on intuitive wisdom and empirical judgment. In awaiting any potential reversal of the "audit explosion," internal auditors can differentiate themselves on the grounds of a constructive auditing philosophy that promotes creativity over conformity and fosters optimism over suspicion.