Attention entrepreneurial small business owner (ESBO): be your own internal auditor!

Ennis, Kevin L. ; Tucci, Jack E.

INTRODUCTION

Management skills of an entrepreneurial small business owner (ESBO) and auditing are two business disciplines that often collide in the real business world. The relationship between the small business owner and the auditor is often one of defensiveness and antagonism. It is often viewed with little consequence when the family business owner's firm is being reviewed by independent financial auditors from their lending institution. Most Emboss still view the auditor as someone that will report problems to their banker or financier; be critical of their performance; or, even worse, potentially cause them to lose a valuable credit rating with their lender. There is a story often told in the business world that goes something like this: this underlining conflict occurs because the relationship between the ESBO and the auditor always begins with lies. The ESBO tell the first lie when he informs the auditor, "I am glad that you're here." Then the auditor follows with his own lie by saying, "I am here to help you."

The real irony about the entire relationship is that both the ESBO and the auditor should have the same motivations, goals and objectives pertaining to the effectiveness, efficiency, and economy of the business's profitability and future outlook. Each has its own distinct disciplines that delineate the goals, functions, and skills necessary to be successful. The purpose of this paper is twofold. First, we offer a critical review and comparative analysis between the goals, skills, and functions of the audit profession and those of the entrepreneurial small business owner (ESBO). While the ESBO may consider the motivational goals, skills, and functions of the two disciplines to be completely different, in fact, they should be relatively the same. Each should assist in meeting the company's goals and objectives while improving the overall effectiveness, efficiency, and economy of the operation.

This discussion will lead us into our second purpose of this paper which is to take the information that an ESBO "should" be gathering in conjunction with the auditor's report and provide "real-world" applications that can be easily implemented. We address the prospect that "good" ESBOs may become more effective by crossing into the accounting discipline and embracing some of the goals, functions, and skills that will enable them to be an effective internal auditor of their small business. While the definition of a "good" ESBO is a qualitative term, we develop a model which could assist in identifying the common goals, skills, and functions of the two disciplines which can be applied by the ESBO to do a better job in their organizations.

THE ACCOUNTING DISCIPLINE

The accounting discipline has two assurance professions that provide an attest function which may be utilized by management to assist in meeting its goals and objectives. These two assurance professions are financial auditing and internal auditing. They have their own professional standards, which are monitored and implemented by independent, self-regulating organizations (Bloomfield, 2004). These standards of both assurance services provide the auditor with the goals, functions, and skills necessary to complete the attest function in a professional manner.

Financial auditing for the ESBO is governed by the American Institute of Certified Public Accountants (AICPA) utilizing its own Codification of Statements on Auditing Standards (SAS'S). This attest function centers on the reasonable and fair presentation of financial transactions in accordance with generally accepted accounting principles (GAAP). In 1972, the American Accounting Association's Committee on Basic Auditing Concepts gave the accounting discipline a definitive definition of auditing:

Auditing is a systematic process of objectively obtaining and evaluating evidence regarding assertions about economic actions and events to ascertain the degree of correspondence between those assertions and established criteria and communicating the results to interested users (The Accounting Review, 1972).

This definition implies that auditing is both an investigative and a reporting process, which will provide relevant and reliable information to assist potential users in making decisions (Ricchiute, 2001). These potential users could be new investors, current shareholders, creditors, employees, or management personnel. Clearly, this definition was inclusive of the management function as interested users of information provided by auditors.

The research by Mautz and Sharaf (1961) gives us insight into the goals, functions, and skills of the "prudent auditor". The criteria established by this auditing research could easily apply to the management function. Their interpretation of the "good" auditor would include someone who will:

1. Take steps to foresee unreasonable harm or risk to others.

2. Attend to any resource, department, transaction, or employee that experience suggests extra risk.

3. Be aware of unusual circumstances or relationships when planning and conducting the engagement.

4. Recognize and adjust for unfamiliar situations.

5. Attempt to resolve doubt and unanswered questions about material matters.

6. Maintain competence and up-to-date on current developments.

7. Review the work of assistants with the understanding of the importance of the project.

The general and field work standards delineated in the AICPA's "Statements on Auditing Standards" (SAS's No. 1, 1972) clearly provide further guidance into the goals, functions, and skills of a "good" auditor. The general standards focus on the qualifications of the auditor and the quality of the auditor's work. These general standards are considered personal in nature as they include adequate training and proficiency, independence in mental attitude, and exercising due professional care while performing the audit. The field work standards relate to the sufficiency and competency of information needed to make a decision. Included in the field work standards are planning and supervision, a sufficient understanding of the business's internal control structure and the exercising of professional judgment regarding the sufficiency and competency of the evidence (Mayhew, Schatzberg & Sevcik, 2004).

The internal audit discipline is also governed by professional standards that establish "good" auditor goals, functions, and skills. The "Codification of Standards for the Professional Practice of Internal Auditing" is promulgated by the Institute of Internal Auditors (IIA) who also regulates the internal audit profession. Within these standards, the goal of the internal auditor is stated in the IIA's "Statement of Responsibilities of Internal Auditors." It states that:

   The objective of internal auditing is to assist all members of
   management in the effective discharge of their responsibilities by
   furnishing them with analyses, appraisals, recommendations, and
   pertinent comments concerning activities reviewed. Internal
   auditors are concerned with any phase of business activity in which
   they may be of service to management. This involves going beyond
   the accounting and financial records to obtain a full understanding
   of the operations under review.

To restate, internal auditors focus on the economy, efficiency, and effectiveness of the operations. The "Codification of Standards for the Professional Practice of Internal Auditing" also states that internal auditors should be impartial, unbiased, independent, and objective in performance of their duties.

THE ENTREPRENEUR / SMALL BUSINESS OWNER (ESBO)

The ESBO differs much from her/his counterpart in corporate business primarily in well published areas of innovation, risk, intuition, and passion. Nevertheless, the ESBO naturally draws heavily from the management discipline which provides us with bright-line guidance with respect to the goals, functions, and skills if managed well lends itself to our definition of a "good" manager. The goal of management could be defined as coordinating and integrating work activities through other people to achieve efficiency and effectiveness of operations (Robbins and Coulter, 2005). Historical research by Fayol (1916) and Koontz and O'Donnell (1955) provide us with the four classical functions of management: planning, organizing, leading, and controlling. Planning encompasses defining goals, developing strategy, and coordinating plans. Organizing includes determining who, what, when, and how activities should be accomplished. Leading is defined as directing and motivating individuals. It also includes resolving any conflicts between individuals. Controlling involves monitoring and reviewing an individual's work to ensure the coordinated activities are accomplished. These functions can be directly compared and contrasted with the functions of the audit discipline (Donnelly, Gibson, and Ivancevich, 1998).

The skills of a "good" manager can be drawn from research by Katz (1974) and Mintzberg (1975). Katz delineates three basic skills for a "good" manager. They include conceptual skills, human skills, and technical skills. This research defines conceptual skills as the ability to visualize the broad picture and how the organization fits into that overall scheme. Nevertheless, the skills paramount to and necessary for effective control are rarely voluntary (Carey, Simnett, & Tanewski, 2000.) Human skills include the ability to directly communicate with and understand people on both an individual level and a group level. Katz correctly points out that this skill is critically important for all levels of managers. The third skill involves the ability to utilize industry specific knowledge to accomplish tasks. Katz calls these technical skills and also includes the manager having a high degree of proficiency in those specialized areas. Yet when it comes to managing the numbers, and when those numbers are sketchy, there is often doubt about how to "account" for differences within operations (Davies, 2004).

Mintzberg's research defined different roles of a "good" manager. We can redefine these roles as additional skills needed for our manager. This would include informational, interpersonal, and decisional skills. Informational skills include the ability to act as a monitor, a disseminator, and a spokesperson in gathering, receiving, and transmitting information. Mintzberg defines interpersonal skills as the ability to lead individuals within the organization and to act as liaison with people outside the organization. Finally, our "good" manager will require decisional skills to successfully combine the informational and interpersonal skills. It is here that the manager must be able to resolve conflicts, negotiate and allocate the company's resources both internally and externally (Robbins and Coulter, 2005).

We now have established the necessary goals, skills, and functions of the two disciplines. Professional authoritative pronouncements of the accounting discipline serve as our basis for identifying the goals, skills, and functions of a "good" auditor. The literature already recognizes that inclusion of the controller's function is basic to sound business management (Murak, 2004). In fact some would even suggest they are becoming partners with family business owners (Williams, 2000). Fundamental research with respect to basic management principles serves as our basis for identifying the goals, skills, and functions of a "good" manager. A very vivid similarity between the two professions can already

be seen. The next step is to develop our model for analysis and discussion.

OUR CONCEPTUAL DEVELOPMENTAL MODEL

Our commentary suggests that the cross-pollination of two business disciplines can be functional in identifying those common goals, functions, and skills the accounting and management disciplines have distinguished as traits of a "good" ESBO and auditor. Our model has been developed to facilitate the discussion of the commonalities of the two disciplines. As shown below, we can label a common pool from these two separate sets of traits which are applicable to both professions. It is from this common pool of skill sets that the ESBO should draw from the audit profession and develop new skill sets which should be utilized to help her/him become more effective in building a profitable business. These skills are an absolute necessity when the business is cash intensive (Murak, 2004). The developmental model suggests that a "good" ESBO will possess not only the goals, functions, and skills as defined by the management discipline, but also possess some goals, functions, and skills of a "good" auditor.

[ILLUSTRATION OMITTED]

This visual picture of the parallels between the audit profession and the ESBO is very evident. The terminology may be different but it may be argued that the goals, skills, and functions of both disciplines are very similar if not identical. Once again, the basis of our classifications is anchored in the authoritative pronouncements of the accounting profession and the fundamental research with regard to basic management principles.

Based on our models of discipline commonalities, we can now define what ESBOs should be doing to harmonize, utilize and change business practices to enhance their management skills. As previously stated, it is our belief that someone who is considered a "good" ESBO will possess the goals, skills, and functions of both disciplines. Two questions must be asked to help ESBOs make the transition from "good" to "excellent" managers: 1) What does an auditor look for and find in an audit? And 2) How can an ESBO use this information?

FOLLOW THE MONEY TO BECOME A GOOD ESBO

The auditing function centers on identifying risks areas and evaluating what mechanisms management has put in place to control those risks. By management controlling these risks, the firm's asset investment is protected, value is added and integrity maintained with respect to the financial information the manager utilizes to make decisions. For the ESBO, the highest risk areas usually involve the largest cash exposure or investment of the small business. In other words, the ESBO should simply "follow the money."

Three high risk assets that the ESBO should continually review are the cash balance on hand, inventory, and accounts receivable. These same three assets also usually absorb a very large portion of the ESBO's total asset investments. Cash has the highest inherent risk; inventory requires capital investment, floor space, insurance, and is subject to theft and obsolescence; and, accounts receivable have valuation and collectability problems. It is critical that the ESBO manage these assets to provide the liquidity needed to meet the cash needs for current and long term debt. From an audit perspective, this is also the area where the ESBO may lack the necessary internal control procedures of segregation of duties and limited access to properly monitor these assets. It is almost unreasonable to expect an ESBO to acquire the appropriate number of personnel to maintain a proper segregation of duties and provide limited access to these assets and records. The reason for this usually lies in the ESBO's concerted effort to control overhead costs to maintain the profit margins which usually leave very little room for error. However, an ESBO can apply some simple audit knowledge and skills to reduce the risk associated with these liquid assets.

With respect to segregation of duties, the ESBO should always operate from this perspective- never give an individual the opportunity to commit a crime and the ability to cover it up. If the same person receives, reports, records, and reconciles cash, then the ESBO may want to implement additional audit functions such as monitoring and inspection for additional control. Inspect bank statements and reconciliations or even periodically complete the required bank reconciliation for additional cash protection. Inquire and inspect the daily cash receipts for proper balancing. Verify and supervise that a daily cash deposit is made. It is not good policy to leave cash in the business place for long periods (more than 12 hours) of time even in a safe place. By making a daily deposit as early in the work day as possible, the ESBO is restricting access to the cash and increasing the interest earned on the money.

Restricting access to inventory is critical. Develop controlled access areas for inventory storage. Locked rooms, closets, or gated or fenced cage units are good for this. Observe both the receiving and shipping of inventory units. This can be accomplished by physical examination or supervision. Develop good accounting mechanisms for reporting inventory purchases, usages, beginning and ending inventory balances, production and sales numbers. Just accept the fact that an actual physical inventory count needs to be done more than once a year. Is this extra effort time consuming? Yes! However, this also establishes a strong control environment and puts all employees on notice that inventory is being monitored. It also provides the ESBO information about turnover, shrinkage, sales, equipment utilization, and inventory obsolescence.

Always know who owes you money. Even if the ESBO uses cash basis accounting, monitor the accounts receivable to forecast future cash inflows and control the risks of someone paying late or not paying at all. Project the image to your customers that the ESBO is not a bank. However, the ESBO must also recognize that extending credit to a good customer can be good business and accept the fact that sometimes a customer just will not pay you. The balance between the two can be critical to the successful ESBO.

Finally, two legal compliance areas exist for the ESBO which potentially expose the firm's cash flow to a negative impact. These areas are often more law-related than accounting-related and open the ESBO to possible civil and criminal fines and penalties. Compliance requirements of these areas are often legalistic and technical which usually require a level of expertise outside that of normal accounting. First, general employment related compliance with OSHA and "Wage and Hour" offer potential problems. Second, tax compliance at the local, state, and federal levels of government can be burdensome and expensive.

The good ESBO can apply two audit remedies to manage these critical exposures. First, the ESBO must understand the compliance requirements. An auditor is charged with understanding important aspects of the audit client's business. This is accomplished with education and technical expertise. The ESBO should ask questions of the appropriate authorities; read authoritative publications and bulletins; and, seek legal advice when necessary. Second, document the compliance to the highest extent. Documentation is the ESBO's best friend when it comes to satisfying inquires from legal authorities. Too much is better than not enough and remember that the burden of proof is placed squarely on the ESBO. "I didn't know about it or understand it" is not a defensive argument.

CONCLUDING REMARKS

Before we proceed, it is necessary to discuss some limitations of this commentary. Defining a "good" ESBO and a "good" auditor is a qualitative mission. This requires a value judgment by someone, and while value judgments are common in business, they are subjective. The research by Robison (1984) points out that the activity of business is not value-neutral. Further, he states that to be a good ESBO, one must have a full understanding of the characteristic effects of the management function to avoid moral situations and to attempt moral solutions if needed. One must understand that judgments are based on values, and a "good" ESBO will not undercut the system but will attempt to recognize and reconcile the limitations of the system.

The ESBO and the auditor are often seen as competing forces. Their relationship is often strained and volatile. We believe this is attributable to the misunderstanding of each other's goals, functions, and skills. This commentary attempts to demonstrate that both the ESBO and audit disciplines have common goals, functions, and skills that can be utilized in helping the business to be profitable with clear expectations for the future. We also provided a review of current research and a developmental model to support our position. This model is used to identify the commonalities that actually exist.

Second, we extended the management function so it could become more effective if the ESBO would "crossover" and adopt certain goals, skills, and functions required to also perform the internal audit function within the ESBOs respective business. ESBOs should not resist but embrace this "crossover" as these common measures should be applied during all processes of the daily activities and in strategic decision processes for the business.

Auditors are required to develop and utilize management skills. Why shouldn't ESBOs develop and utilize auditing skills? In fact, if ESBOs can adapt this cross-discipline application of common goals, skills, and functions, we may seldom need auditors again. "Don't show me the money, follow the money!" should be the new mantra for every entrepreneur small business owner (ESBO)!

REFERENCES

AICPA (2003). Codification of Statements on Auditing Standards, New Jersey: CCH.

Bloomfield, Robert J. (2004). Discussion of Examining the Role of Auditor Quality and Retained Ownership in IPO Markets: Experimental Evidence. Contemporary Accounting Research, Spring, 131-137.

Carey, Peter, Roger Simnett, and George Tanewski (2000). Voluntary Demand for Internal and External Auditing by Family Businesses. Auditing: A Journal of Practice& Theory, 2000 Supplement, 37-51.

Committee on Basic Auditing Concepts (1972). A Statement of Basic Auditing Concepts. The Accounting Review, Vol. 47, 18.

Davies, John (2004, March). The Numbers Game. Commercial Motor, 36-37.

Donnelly, J. H., Jr., J. L. Gibson, and J. M. Ivancevich (1998). Fundamentals of Management. New York: Irvin McGraw-Hill.

Fayol, H. 1916. Industrial and General Administration. Paris: Dunod.

Institute of Internal Auditors (1996). Codification of Standards for the Professional Practice of Internal Auditing. Altamonte Springs, FL: The Institute of Internal Auditors.

Koontz, H. and C. O'Donnell (1955). Principles of Management: An Analysis of Managerial Functions. New York:McGraw-Hill.

Katz, R. L. (1974). Skills of an Effective Administrator. Harvard Business Review, September-October, 90-102.

Mautz, R. K. and H. A. Sharaf (1961). The Philosophy of Auditing. Sarasota: American Accounting Association.

Mayhew, B. W., J. W. Schatzberg, and G. R. Sevcik (2004). Examining the Role of Auditor Quality and Retained Ownership in IPO Markets: Experimental Evidence. Contemporary Accounting Research, Spring, 89-130.

Mintzberg, Henry (1975). The Manager's Job: Folklore and Fact. Harvard Business Review, July-August, 49-61.

Murak, Gerry (2004, July/August). Out of Control? The Controller and the Family Business. Business Credit, 2425

Murak, Gerry (2004, September). Who's Your Cash Custodian? Restaurant Hospitality, 66-68.

Ricchiute, David N. (2006). Auditing (Eighth Edition). Ohio: Thomson South-Western.

Robbins, S. P. and M. Coulter (2005). Management (Eighth Edition). New Jersey: Prentice Hall.

Robison, Wade L. (1984). Management and Ethical Decision-Making. Journal of Business Ethics, November, 287.

Williams, Kathy (2000). Are Controllers Really Becoming Business Partners? Strategic Finance, May, 25-27.

Kevin L. Ennis, Mississippi State University-Meridian

Jack E. Tucci, Mississippi State University-Meridian