Management

Avoid the Seven Deadly Sins of Internal Audit

Internal auditors should embrace the concept of ‘value and fit.’

July 12, 2012
KEYWORDS audit , auditors , fraud , internal , risk
/ PRINT / ShareShare / Text Size +

4. Ineffective communication

Internal auditors love details. We tend to believe that the more information we convey, the better the chances are of it being understood completely.

Unfortunately, the board and management team simply don’t have the capacity or time to understand all of the details. They’re looking for expert advice, not reams of data.

Effective communication is all about identifying common themes and issues across audits, consolidating them, and then presenting them in a concise and specific format.

Here are a few guidelines:

  • Get to the point or the “newspaper headline.” For example, there was a fraud in Branch A.
  • Develop a thesis for why this condition exists. For example, the fraud was due to collusion among treasury employees in Branch A.
  • Back up your thesis with selected data. For example, the fraud stemmed from three transactions of $500 each, occurring in January, October, and December of this year.

5. Failing political science

Politics is a process by which groups of people make decisions. So how does that apply to auditors?

Well, anyone who deals with “improvement” must understand the decision-making process. We need to make sure the decisions that are made will stick. And we need to know where to go for solutions to be implemented quickly.

Essentially, understanding the politics in our organization will allow us to formulate workable solutions that will get implemented. The key to understanding organizational politics is to ask the following questions:

  • Where are decisions made?
  • Who makes the decisions?
  • How are the decisions made?
  • Who ignores the decisions (and gets away with it)?
  • Who overturns decisions?

6. Inability to negotiate

As internal auditors, we think of ourselves as the governance, risk, and control experts. We certainly are, but negotiation is a big part of our job. We deal with solutions to problems, and every problem has more than one solution.

Therefore, we need to take into account the opinions of people who are most familiar with problems: Management.

Simply stated, negotiation is a difficult skill to acquire. It really can’t be taught—it must come from experience.

Knowing when to stand by your decisions and when to compromise requires a vast database of prior experiences. Just like a stalk of wheat, if you’re too stiff, you’ll break, but if you’re too soft, you’ll get trampled on.

The trick is to bend with the wind, but still snap back and gain your rigidity when you have to.

Here are a few tips on effective negotiation:

  • Focus on the end goal, not how to get there;
  • Understand the other side’s position;
  • Make the other side work—demand suggestions that help solve the problem; and
  • Don’t compromise on the wrong issue, especially when it relates to morality, fraud or ethics.

7. Destroying credibility

The internal audit profession is built on the concept of an independent assessment. If assessments have no credibility, they lose their value. And if they lose their value, then the value of internal audit to the organization is also lost.

Building credibility is an ongoing process that requires:

  • Making judgments and voicing opinions based on actual audit testing and documentation;
  • Failing to be swayed by, or act upon, rumors or “inside” information;
  • Not discussing audit results except with those who need to know;
  • Presenting issues only that you have personally reviewed; and
  • Forming an opinion only on data which has been verified.

Let's return to our original concept of “value and fit.” If internal auditors want to understand this function’s value how it fits in with the organization, we require, first and foremost, a solid base of technical skills and regulatory knowledge.

Second, we need the ability to translate this knowledge into effective and pragmatic solutions that people will buy into. And third, we need to demonstrate credibility and integrity.

Apart from shifting our mindset and acquiring the right skills to implement the “value and fit” concept and avoid the seven sins, we can also use some help on the technology front to better provide value to the organization.

Boards and management want an internal audit function that can help the organization attain its objectives. This can be achieved with the right combination of skills and technology.

By developing more structured audits, communicating more effectively with stakeholders across the enterprise, and providing practical and beneficial solutions to business issues, we, as internal auditors, can avoid common pitfalls, and attain our full potential.

Michael Bechara is managing director of Granite Consulting Group Inc., and former chief audit executive of EDO Corp.; and Gaurav Kapoor is chief operating officer for MetricStream.

Post a comment to this story

What's Popular

Popular Stories

Recent Discussion

Your Say: Have You Ever Suffered a Denial of Service Attack?

View Results Poll Archive