Too many audits conclude with either a sigh of relief or a scream of frustration from the auditee who has "passed" or "failed".
In spite of a mass of new requirements for 'corporate governance' and 'assurance' in many countries of the world, this problem is growing. Every year, management reacts to the need to be able to demonstrate compliance with ever increasing external requirements, such as changes to legislation or the small print of an ever increasing number of regulatory bodies, by doing more and more compliance auditing.
But hang on a minute. Why do we need to do all this compliance auditing? Put simply it is because most managers are overburdened just keeping the boat afloat and heading in the right direction.
Therefore audits are used as a safety net, in the sure knowledge that something somewhere will be overlooked. So literally millions of hours of auditing is carried out just in case somebody does not do a job properly.
Audits are thus seen as a necessary evil, because the forms need to be filled in to show the work has been checked, but this condescension has a knock-on effect in that effectiveness is seen more in terms of efficiency of completing the process, rather than asking (and answering) difficult questions.
Better, risk-based audits should provide assurance to management where systematic control is adequate for purpose, and an alert where it is not. Done properly, audits should surely be 'welcomed'.