I’m usually up early, I like to set myself up for the day and get into a good headspace before work. I normally make a coffee and some breakfast before going for a bit of a walk to get some fresh air. I find it gives me time to get outside, get a bit of exercise and listen to some podcasts – have some time to myself. After that I head to the station and catch the train into Southern Cross, where KPMG has been located for just over a year. Our office is really close to the station so it’s pretty easy to get to and from work.
I arrive at the office and find myself a desk. We hot-desk, meaning that at the end of each working day we pack up our desks entirely and can choose where to work the next day. I really like this arrangement – it stops me having a messy desk for one, but it also means I can relocate to sit with whichever team I’m working with and collaborate more easily. We also have areas for focused work, or meeting rooms, but our department has around 130 people in it so I like to be located with everyone. As we spend a fair amount of time working out at clients, it’s nice to see people come and go when I’m in the office, as I am today.
I check my emails, check in with my colleagues and get a bit of a to-do list organized for the day. My department in Audit, Assurance and Risk Consulting is Internal Audit, and at the moment I’m working on one of Victoria’s largest universities. In the first few years of being a Consultant there’s usually a lot of variety in the clients you work on and the projects you do for them; over time we become members of the ‘core team’ of client projects which allows us to direct where we’d like to specialize, and build our client knowledge and relationships. As a result I’ve had a lot of variety in the clients I’ve worked on across all four of our major service lines – corporates and retail; infrastructure, government and healthcare; energy and natural resources; and financial services. I’m slowly specializing in both education and infrastructure, which is great as KPMG has a lot of activity going on in these spaces and I really enjoy working in these spaces.
I’ve gone through my inbox and listed my tasks, then I’ve organized my day around what I need to do. I start by completing a key document for our education client. This involves building a Risk and Control Matrix (RACM), which we use to document our work against a project scope for a client. RACMs detail the key risks against each scope point of work we’re performing, the controls we observe that the client has in place, and an assessment based on sample testing or walkthroughs with the client of how effective these controls are in managing the risk exposure for the client. I enjoy building these and contributing to internal audit projects because over time I’ve had the opportunity to understand a lot of intricate processes for industries I would otherwise have had very little exposure to. I have so much more appreciation for the work that goes into these companies!
I pop over to see the team I work with on this education client and have a chat – I update them on where I’m up to and check their availability to talk through some gaps have identified in the client’s control processes. We need to evaluate whether these gaps pose a risk to the client and how we can help them perform these controls better, or what controls they can implement that would be more effective.
I leave the RACM I’ve built with my team mate so that they can give it a read through and send me their thoughts. While they’re doing that, which might take them a few hours, I pick up some work our internal audit team have been performing on some Victorian Government infrastructure projects. The nature of this project is such that the government have engaged construction contractors to manage the infrastructure project. The contractor passes on all direct costs from the project to the Government each month. Our role in this project is to look at what is charged, and evaluate whether the contractor is allowed to claim that particular cost back, given the terms of the contract. I sit down with a list of invoices and charges submitted by the contractor and investigate the nature of the expense, whether appropriate approval was sought, and input into our testing document the invoices that are compliant and the ones we need to enquire about further.
I take a break in the middle of doing this – we have a massive food court downstairs so I pop down to grab a falafel and avocado sandwich (my favorite, you should try it) and meet some colleagues on the balcony. We have an open air space on level 37 of KPMG which is really lovely to have lunch on when it’s a nice day – great views of Melbourne as well!
After lunch I continue with the sample testing; I submit my list of queries back to the contractor after running them by my team, with some queries around the time period of the claims; it looks like these costs have been incurred by the contractor prior to the main scope of works for the project commencing, meaning that they are ineligible for reimbursement by the Government. It turns out this is what’s happened, and I escalate this to my team so that they can inform the required parties that a credit needs to be issued to the Government and controls need to be implemented to prevent this type of error occurring in future month claims.
My colleague has finished reading my RACM and sends it back to me with some thoughts on what we’ve collected so far. We need to add some more information to a few of the scope points to substantiate what we’re including in the final report, so I go back to my notes from client meetings and add further detail to their processes. On a high level, internal audit reports inform company management and public stakeholders about the company’s processes and risk management. If there is found to be a legal issue around an area that we have audited (and have said is compliant), we can also bear liability alongside our client for any non-compliances. As such, it’s really important that we appropriately document everything that we speak to clients about, the information they give us, and how we’ve substantiated issues that we’ve raised in our reports.
I finish bulking up my RACM and send it back to my teammate for their thoughts, which they’ll likely send back to me tomorrow ready for the next steps in our audit. This will involve further meetings and interviews with clients to understand their role in the audit area, and further collection of documents and artefacts to demonstrate how they’ve followed the required process. As such I set about writing up some question lists for these interviews. It’s not uncommon for people to become defensive when they’re interviewed – and it’s understandable; auditors like me come in for a very short amount of time and sometimes end up telling people who have worked in their role for a number of years how to do it better. Sometimes they feel afraid or nervous about speaking to us in case they say something that doesn’t reflect well on them. As such, it’s really important to build rapport with the people we speak to, to explain what we’re doing and that the goal of an audit is always to give them peace of mind over what they’re doing and foster continuous improvement. Having a positive audit culture really makes a difference to their experience, and our outcomes for the client. The types of questions play into this; it’s important that they don’t sound aggressive, accusatory or intrusive. At the end of the day we’re going into a client workplace to understand better what they’re doing and how they do it. I write up the question list to help us address our scope points, then send it through to my team to review in the morning.
That’s a wrap- a good day overall. I sit down and make a to-do list for tomorrow, which involves updating anything I didn’t get around to today, or tidying up documents when I hear back about some queries. I send a last few emails to my team keeping them in the loop about progress that’s been made today, which probably isn’t necessary as I was sitting with them all day but it helps me track of what I’m doing. After that I pack up my desk (though I liked where I was sitting so I’ll try and get that desk tomorrow as well), put my things in my locker and head home.
It’s not that common to work super late; if something needs to be completed I’ll stay until it’s done, no problems, however my team have a great culture and staying late is viewed as something you do if there’s been an unexpected development (i.e. a client has moved a deadline) or if you just have a lot on. We have flexible work arrangements so sometimes people come in a bit later and work a bit later or something like that, but for the most part we have a great culture and finish at a reasonable time.
I’ve got an express train home which is great, so I have some dinner, have a shower and watch some Netflix.
I check the fridge to make sure I’ve got lunch prepared for the next day and my clothes are ironed then read a bit in bed. I set an alarm for the next day and am usually asleep by 10:30-11:00.