CPA Maroa Julius Mwita
Since history, most audits have concentrated on numbers since they form the main components in the financial statements and through the financial statements the financial health of a company is easily measured. This sounds a great idea but with the current trends where cyber security issues, climate related issues among other operational issues are knocking in from time to time, it’s a signal that modern audits should be much broader, risk-based, and include qualitative aspects. Writing an audit report off qualitative aspects is not feasible because in any audit mostly for external audits, the audit’s goal is to provide a “true and fair” view of an entity, and for internal audits is to provide assurance on various aspects ranging from internal controls, compliance, risk management, fraud which cannot be achieved solely through numerical data. Whereas quantitative data (numbers) shows what happened, qualitative aspects—such as management behavior, corporate structure, organizational system, control environments, and compliance culture—explain why it happened, providing the context necessary behind the numbers for stakeholders to make informed decisions. This means that when the condition is pointed out but the cause is silent then an organization may remain financially ill for long.
Example
The department XYZ had issued a total of Kshs. 5,400,000 as imprests for various purposes out of which only a total of Kshs. 2,100,000 had been accounted for leaving Kshs. 3,300,000 un accounted despite the lapse of the activity timelines.
From these we can easily tell that the quantitative aspect (What) is clear but the qualitative (why) aspect has not been addressed and if this reported to management and finally to responsible committees like internal audit committee it will be hard to diagnose the problem faster since many aspects could contribute to the delay in accounting ranging from management culture of not to account, holding several imprests at a time, etc.
It’s worth nothing that there are several qualitative factors that are silently killing businesses and the entities that are not uniquely being mentioned by various audit reports including;
1. Leadership and Management Failures
• Weak Leadership & Incompetence: The top cause of failure, where leaders lack the skills to navigate crisis, fail to delegate, leading to operational bottlenecks and eventually the competitive advantage is eroded.
• Founder Syndrome/Management Bandwidth Collapse: The business grows beyond the owner’s personal capacity to manage it, causing decision-making to slow down, errors to rise, and the owner to burn out.
• Reactive Management Attitude: Failing to proactively anticipate market changes, technology shifts, or competition, resulting in blames rather than strategic planning.
2. Strategic and Market Failures
• Creating of a product without conducting a customer needs assessment. Creating products or services that customers do not actually want, need, or understand. This is a primary killer of startups.
• Poor Strategic Alignment of Technology: Adopting each and every new technology without understanding the need and whether the technology aligns with the goals of the business or organization
• Adaptability issues: Failure to shift swiftly with changing consumer behaviors, technological disruption, or market shifts.
3. Operational and Organizational Failures
• Lack of Systems and Structure: The absence of standardized, repeatable processes means the business cannot run efficiently without constant direct supervision, leading to inconsistent quality.
• Overexpansion/Rapid Scaling: Growing too quickly without the need to, which strains operational capacity, breaks supply chains, and results in poor customer service.
• Weak Internal Controls & Fraud: Internal theft and embezzlement, often enabled by a lack of proper accounting, inventory tracking, and oversight.
4. Reputation and Ethical Failures
• Reputation Damage & Low Trust: A bad reputation, often stemming from poor customer service, public scandals, or unethical behavior, can cause a rapid decline in customer loyalty.
• Ethical Lapses & Governance Failures: Fraud, corruption, or conflict of interest by directors and management that destroys investor confidence and invites legal penalties.
• Customer Service Failures: Ignoring complaints and failing to maintain customer relationships, thus making customers shift from one brand to another especially in the telecommunication industry, banking industry and hotel industry
5. External and Environmental Factors
• Existence of Geopolitical & Regulatory Instability: Unstable political environments, continuous policy changes e.g. on taxation, or excessive, unpredictable regulations that disrupt operations.
• Continuous Cybersecurity Attacks: Increasing, sophisticated cyberattacks (ransomware, data breaches) that can paralyze operations, particularly as criminals use AI to identify vulnerabilities.
• Overreliance on a Few Customers/Suppliers: Relying on a single client for the majority of revenue, which leaves the business in limbo when the customer exits.
6. Poor financial planning-Most entities have huge budgets that cannot be supported in terms of how they will be financed thus making many activities going without being implemented due to liquidity issues.
It worth noting that overreliance on documents won’t give much on the true picture of the company and that’s why you find a company having a negative working capital but still surviving in business and one wonders why. This calls for another aspects that is continuously being ignored called interviews. An audit is not conclusive without interviews why? The answer is, in most cases documents give information but interviews reveal the reality which can unlock a major milestone which may call for review of audit scope, methodologies etc.
Example
On review of the policies governing revenue collection, ICT, asset management and employee welfare to ascertain compliance level in company BNA, we confirmed that all policies were in place as per our checklist and were being implemented accordingly. A case in point is the use of revenue policy that has seen the company collect Kshs. ……….However, on interviewing the top management on the level of understandability of the policies we confirmed that that 2 out of 5 top level managers were not aware of some policies whereas 1 out of 5 could not tell revenue raising measures as per the policy within their department thus pointing a management gap.
From this, the auditor gave a positive attribute to the company management on policies development but additionally he went further to test the understandability where a management gap was revealed that as much as we may be collecting revenue or our policies are working some people may not be aware of them as it could be a one person’s document from requisition to development and it would be prudent to interview officers at different cadres and their level of involvement in policy development process.
Remember in our line as auditors our reports should win public confidence in that they should be clearer with no need of a third-party interpretation meaning it should always reflect in one’s mind- so that’s how the situation is and not what is the auditor trying to mean. The auditor, the intended user and the responsible party should always understand the reports in terms of evaluating the subject matters covered and there raising a quantitative finding should go hand in hand with a qualitative statement addressing the WHY aspects for quick decision. Therefore, the relationship between the three parties should be viewed in the context of each audit.
Others factors like internal control weaknesses should clearly be pointed out. Qualitative evidence is also crucial for evaluating internal audit effectiveness, particularly in assessing areas like governance, organizational culture, risk management. Unlike quantitative data, which is easily measurable (e.g., number of audits completed), qualitative evidence is derived from methods such as interviews, focus groups, and surveys, providing depth to performance assessments.
