For small to medium size organizations with limited related party relationships and operating in the private sector, the auditee and audit client tend to be one and the same on one end with the auditor on the other end. However, for medium to large size organizations and government agencies, it is common for the roles of audit client and auditee to be filled by separate parties in addition to the auditor creating three roles within the audit process. Regardless of where you are, this article will provide a clear understanding of your role and responsibility and the easiest way to navigate what is required of you.

Auditor vs Auditee vs Audit client roles

An auditor is an independent third party that is engaged to conduct an audit (test, review, assessment, evaluation) of financial statements;  an operating area; compliance with specific requirements etc and deliver the results or in the case of financial statements, express an opinion on whether they are fairly stated.

Now that we have defined who an auditor is, let's distinguish between the roles of the audit client and auditee as it is essential to understanding their responsibilities at each stage of the audit. Let’s start by defining them: The auditee is the subject of the audit i.e. the organization or unit of the organization that is being audited, while the audit client is the party or organization requesting the audit. Consider the examples below which differentiate between the two:

• A parent or holding company (audit client) engages auditors to perform quarterly reviews of a subsidiary entity’s (auditee) financial statement for the purposes of meeting the group’s SEC quarterly filing requirements
• A legislative body (audit client) engages auditors to conduct, on the legislative body’s behalf, a performance audit of a government assistance program operations that are the responsibility of an executive agency (auditee)

The most prevalent type of audit where the auditee is also the audit client is a financial statement audit.

Auditor vs Auditee vs Audit client responsibilities throughout the audit

Since you are likely to be reading this as an auditee or audit client or potentially one be on your way to playing one of those roles, let's focus the discussion on you.

Auditee vs Audit client responsibilities during planning

Cooperation with the auditors is essential throughout the audit. However, for the planning stage it is critical for all parties involved. In requesting the audit, the audit client must articulate the objective of the audit and the specific scope they desire the auditors to cover. If the audit client is separate from the auditee, it is advisable for the audit client to consult with the auditee to the extent possible to gain insights on the status of the intended audit area, the known and potential weaknesses, general readiness of the intended audit area, etc.

Recently, I conducted an internal audit which was initially intended to be a process review i.e. perform walkthroughs of manual and automated controls to simply understand a specific process and evaluate their design effectiveness against the key risk areas they were designed to address. Not long after kicking off the audit, the audit client made a request for us to include a test of the operating effectiveness of the controls without consulting the auditee. In other words, in addition to understanding the process and making recommendations on its design, we were to test specific transactions to determine if they were completed in accordance with the controls around the process. As expected, the auditee was not happy with this new direction as they had quite a number of lapses and were not ready for a test of details. This significantly strained the remaining audit process. The big lesson there for me was to have all parties absolutely clear about all requirements of the audit at all times. Communication is key.

Secondly, both the audit client and auditee must be clear about the criteria against which the organization or audit criteria will be evaluated. Criteria here could be regulatory requirements, laws, industry standards, internal policies, and procedures, etc.

Further, in seeking to understand the environment of the organization or the audited area, the auditors may hold discussions and request information to do an initial risk assessment to identify the areas of focus. Audit clients naturally are not very close to the core operations and this responsibility falls more heavily on auditees. However, it is not uncommon for auditees to be cautious in providing information here especially on known issues. To the extent possible, if you are an auditee, do share as much relevant information as possible particularly in the audited area that has issues that are an open secret. This will enable the auditors to refine their risk assessment and properly focus their efforts. Further auditors with the right level of experience in your industry can make helpful recommendations and share useful insights to improve problematic areas to the extent that they are fully enlightened. 

Auditee vs Audit client responsibilities during fieldwork

The audit client typically has no role at the fieldwork stage because interactions here are solely between the auditor and auditee. Depending on the level of preparation performed by the auditee in terms of gathering the requested information and preparing process owners for the audit, this stage can be conducted with reduced interruptions to the day to day responsibilities of the auditee.

To facilitate the fieldwork, the auditee needs to prepare in advance all requested and relevant documentation, system access with appropriate permissions, key personnel relevant to the audit. Depending on the nature of the audit, logistics will also need to be arranged for auditors e.g. where site visits will be needed for certain facilities.

A lack of cooperation here often leads to avoidable audit findings which will later require an additional time investment and effort to debunk.

Auditee vs Audit client responsibilities during completion

It is imperative for auditees to review the supporting evidence for each audit finding with a fine-tooth comb to ensure their validity. Preliminary audit findings arising out of misunderstandings, misinterpretation of data, unique one-off transactions that were processed differently without overriding the underlying control can mostly be resolved prior to finalizing the audit report. The responsibility of the auditee at this stage is providing the necessary support to enable the auditors to clarify valid and invalid deviations from the audit criteria.

In my experience as an auditor, auditees tend to make a strong showing when it comes to validating the audit findings i.e. providing explanations, sharing information, etc. However, once the findings are settled, this level of energy is not always present when discussing and agreeing on audit recommendations and drafting management comments. The reason this is important is that the recommendations drive the action steps needed to resolve the audit findings. Therefore they should be practical for your situation and this can be missed if the review of the auditors’ recommendation and drafting of management responses are not robust. The more robust this process is, the easier it will be when it is time to implement corrective actions to resolve the findings.

For auditees, a critical responsibility here is the signing of the management representation letter depending on the nature of the audit. These letters usually come standard from the auditors with limited options to make edits. However, edits should be discussed and agreed upon with auditors if necessary so that management does not make representations or commit to information that does not align with their unique situation.

As the ultimate recipient of the audit report, the audit client through the lens of the auditor gets an impartial view of the audited organization or organizational area. Depending on the nature of the audit client/auditee relationship and the purpose of the audit, the audit client may 

• Require the auditee to implement corrective actions to address the audit findings or take steps as appropriate t0 resolve the findings if no corrective action is required
• Use the audit report for its own purposes including incorporating it in a consolidated financial statement or group reporting on operational matters etc.

The key underlying factor for all the segregated roles and responsibilities is communication, collaboration and cooperation among all parties involved the extent necessary.