Sei sulla pagina 1di 3

ARTICLE

Avoid the Seven Deadly Sins of Internal Audit


Internal auditors should embrace the concept of value and fit.
Michael Bechara is managing director of Granite Consulting Group Inc., and former chief audit executive of EDO Corp.

What makes an internal auditor effective? Some say its about technical skills such as accounting, industry knowledge, or regulatory awareness. Others say its about soft skills or people skills: how you manage employees, your professional image, or the strength of your relationship with your boss. Both of these skills are critical, but they alone do not determine the effectiveness of an internal auditor. The key differentiator is the concept of value and fitthe value of internal audit and how this fits in with the organization. Often, the concept of value and fit is threatened by a familiar group of factors or sins that, sadly, are replicated among many internal audit functions. During our discussion of these factors, we will also lay out some concrete strategies to overcome them. Following are the seven deadly sins of internal audit. 1. Ineffective planning In the hierarchy of internal audit activities, risk assessment and planning are right at the top. If we fail at these activities, everything else that follows is meaningless. It doesnt matter if we have the best audit staff, the most advanced technology, or the most impressive audit reports. If we dont choose the right areas to audit based on risk, we certainly wont be successful at what we doauditing the wrong area in the right way doesnt help our cause. A good internal audit plan: Is risk-based; Relies on multiple sources of input; and Uses technology to support the audit process. The most important of these elements is the risk-based aspect. An effective risk-based assessment tells us what area of the organization to audit so our audits are targeted, specific, and efficient. 2. Being self-centered Internal auditors sometimes believe their function is the most important one in the company. And why not, for surely marketing, operations, and finance feel the same way about their functions! Unfortunately, studies show that such chauvinism is sadly misplaced. According to a Forbes Insights Global Survey, only 44% of executives and audit committees believe internal audit helps

their organization achieve its business objectives. Even fewer37%say they involve internal audit in key business decisions and strategy. If we, as internal auditors, want a seat at the table, we need to understand that what we do (ensuring good processes and controls) may help the company achieve its objectivesbut it isnt the companys end goal. Too often, internal auditors engage in perfect world or best practice discussions that lead nowhere. We must also understand that management is truly interested in governance, risks, and controls, but not in theoretical discussions. Members of senior management and the board have told us time and again they want a professional opinion, as well as practical advice that can be implemented in the here and now. For us to fill that need, we need to: Understand the organizations objectives, as well as macroeconomic and industry risks; Make sure that our solutions support the organizations objectives; and Ensure that the benefits of our solution outweigh the costs. We also need to work closely with other internal auditors in the company, as well as stakeholders such as the risk and compliance management department, to ensure that internal audits provide optimal value. 3. Losing the truth We, as internal auditors, deal with many complex issues. What seems like a significant issue at the beginning of an audit could turn out to be trivial at the end, and vice versa. The road from discovery to conclusion is long and winding. Facts are revealed slowly and in pieces. Many internal auditors get into trouble by refusing to budge from the conclusions they make early on in the auditing process. They dont want to be seen as people who continuously change their

ARTICLE

mind. But we lose credibility if we hold onto outdated positions that are no longer supported by facts and circumstances. We can, and should, change our minds when new facts are brought to light. The ability to adapt to changing circumstances is the hallmark of a seasoned business executive. Inability to change, on the other hand, oddly is the main point of many internal audit findings. 4. Ineffective communication Internal auditors love details. We tend to believe that the more information we convey, the better the chances are of it being understood completely. Unfortunately, the board and management team simply dont have the capacity or time to understand all of the details. Theyre looking for expert advice, not reams of data. Effective communication is all about identifying common themes and issues across audits, consolidating them, and then presenting them in a concise and specific format. Here are a few guidelines: Get to the point or the newspaper headline. For example, there was a fraud in Branch A. Develop a thesis for why this condition exists. For example, the fraud was due to collusion among treasury employees in Branch A. Back up your thesis with selected data. For example, the fraud stemmed from three transactions of $500 each, occurring in January, October, and December of this year. 5. Failing political science Politics is a process by which groups of people make decisions. So how does that apply to auditors? Well, anyone who deals with improvement must understand the decision-making process. We need to make sure the decisions that are made will stick. And we need to know where to go for solutions to be implemented quickly. Essentially, understanding the politics in our organization will allow us to formulate workable solutions that will get implemented. The key to understanding organizational politics is to ask the following questions: Where are decisions made? Who makes the decisions? How are the decisions made? Who ignores the decisions (and gets away with it)? Who overturns decisions?

and control experts. We certainly are, but negotiation is a big part of our job. We deal with solutions to problems, and every problem has more than one solution. Therefore, we need to take into account the opinions of people who are most familiar with problems: Management. Simply stated, negotiation is a difficult skill to acquire. It really cant be taughtit must come from experience. Knowing when to stand by your decisions and when to compromise requires a vast database of prior experiences. Just like a stalk of wheat, if youre too stiff, youll break, but if youre too soft, youll get trampled on. The trick is to bend with the wind, but still snap back and gain your rigidity when you have to. Here are a few tips on effective negotiation: Focus on the end goal, not how to get there; Understand the other sides position; Make the other side workdemand suggestions that help solve the problem; and Dont compromise on the wrong issue, especially when it relates to morality, fraud or ethics. 7. Destroying credibility The internal audit profession is built on the concept of an independent assessment. If assessments have no credibility, they lose their value. And if they lose their value, then the value of internal audit to the organization is also lost. Building credibility is an ongoing process that requires: Making judgments and voicing opinions based on actual audit testing and documentation; Failing to be swayed by, or act upon, rumors or inside information; Not discussing audit results except with those who need to know; Presenting issues only that you have personally reviewed; and Forming an opinion only on data which has been verified. Lets return to our original concept of value and fit. If internal auditors want to understand this functions value how it fits in with the organization, we require, first and foremost, a solid base of technical skills and regulatory knowledge. Second, we need the ability to translate this knowledge into effective and pragmatic solutions that people will buy into. And third, we need to demonstrate credibility and integrity. Apart from shifting our mindset and acquiring the right skills to implement the value and fit concept and avoid the seven sins, we can also use some help on the technology front to better

6. Inability to negotiate As internal auditors, we think of ourselves as the governance, risk,

ARTICLE

provide value to the organization. Boards and management want an internal audit function that can help the organization attain its objectives. This can be achieved with the right combination of skills and technology. By developing more structured audits, communicating more effectively with stakeholders across the enterprise, and providing practical and beneficial solutions to business issues, we, as internal auditors, can avoid common pitfalls, and attain our full potential.

ABOUT METRICSTREAM
MetricStream, Inc. 2600 E. Bayshore Road Palo Alto, CA 94303 Phone: 650-620-2900 Fax: 650-632-1953 info@metricstream.com 2012 MetricStream Inc. All rights reserved. For More Information about MetricStream GRC and Quality Management Solutions please visit www.metricstream.com

Potrebbero piacerti anche