Small/independent goverment agencies, like PHAs, generally approach audits with a sense of anxiety rooted in uncertainty.
What exactly are auditors looking for?
Are they assuming something is wrong?
Are audit findings a sign that something serious has gone wrong?
In practice, audits are far less dramatic—and far more predictable—than they are often perceived.
Understanding how audits actually work, and what auditors are truly evaluating, is one of the most effective ways PHAs can reduce stress, prevent repeat findings, and operate with greater confidence.
This is when agencies receive the Prepared-By-Client (PBC) list, a comprehensive request for documentation spanning finance, procurement, housing programs, governance, and operations.
The PBC list can feel overwhelming, but it’s important to understand what it represents. It is not the audit itself. It is a request for evidence that should already exist as a result of normal operations. PBC lists typically arrive weeks before fieldwork begins, giving agencies time to organize and prepare.
Auditors typically select samples using statistical or risk-based sampling; agencies don't get to choose their 'best' files.. This is why consistency across files matters far more than perfection in a handful of cases.
When documentation practices are uneven, gaps surface quickly once sampling begins.
Fieldwork is where auditors begin validating what they’ve received. This often includes:
Auditors are asking fundamental questions:
These questions are not adversarial. They are designed to assess whether the agency’s systems are functioning as intended.
A common misconception is that audit findings imply fraud, misconduct, or negligence.
Here's what actually happens: most findings stem from far more mundane issues:
These are operational breakdowns, not moral failures.
That said, weak documentation and internal controls can create conditions where more serious problems become possible. This is why auditors focus so heavily on evidence and consistency. Auditors do distinguish between minor findings and more serious deficiencies, which is why addressing documentation gaps before they compound matters.
One of the most frequent sources of audit findings is misalignment between policy and practice.
Policies may be outdated, copied from generic templates, or never revised to reflect staffing changes, technology updates, or new regulatory guidance. Meanwhile, staff develop informal workflows that help them get work done—but are never formally documented.
When auditors compare written policy to actual execution and see a mismatch, findings follow.
Alignment matters not because auditors are rigid, but because policy is the standard against which compliance is measured.
Auditors do not evaluate effort, intent, or institutional memory. They evaluate systems.
They assume that:
When agencies struggle during audits, it is usually because these assumptions are not met—not because staff failed to do the work.
This perspective is critical. It shifts audit readiness from a people problem to a systems problem.
PHAs operate in a compliance-heavy environment shaped by oversight from bodies such as U.S. Department of Housing and Urban Development and independent auditors. These entities are not looking for perfection. They are looking for discipline, consistency, and proof.
When agencies understand this, audits become far more manageable.
Instead of reacting to auditor requests, agencies can anticipate them. Instead of scrambling to reconstruct decisions, they can point to documentation created as part of routine operations.
Understanding what auditors actually look for removes much of the fear surrounding audits. But understanding alone is not enough.
And when findings do occur, agencies that have strong underlying systems can typically address them through straightforward corrective action plans rather than wholesale process overhauls.
In the next post, we’ll break down the four failure points that consistently create repeat audit findings in PHAs—and outline what true year-round audit readiness looks like in practice.
Most audit findings don’t come from major failures. They come from small gaps in documentation, ownership, and follow-through that compound over time.
If you want a clearer picture of where your agency may be vulnerable—before auditors arrive—we offer a limited, no-cost audit readiness strategy session for PHAs. The goal is simple: identify one or two areas where tightening documentation, workflows, or internal controls would make the biggest difference.
For context: Tikler is a document workflow and compliance platform built specifically for Public Housing Authorities, focused on documentation, SOP enforcement, and year-round audit readiness.
.png)
