Are You Committing Blunders with Your Audit Committee?

 As an auditor, when you think of quarters, you aren’t thinking of money. Instead, there’s a part of you that’s probably thinking “quarterly summary,” and “audit committee,” and then stressing out a little bit. So, don’t worry, we have people here who have created and delivered plenty of quarterly summaries to audit committees (AC). And they have a few ideas.

If you’re in the midst of creating a quarterly summary right now, make sure you’re not experiencing any of these pitfalls in your presentation.

Pitfall #1: The concept that more is better in a presentation

Auditors communicate to different audiences throughout an audit. Once they get to the audit committee (AC) quarterly review, they are presenting an aggregated understanding of 3-4 months worth of audit work. But not all of that work can be shared in depth.

Ed Williams, Senior Audit Manager at Experis, sums up how auditors interact with the audit committee. “What the audit committee needs is that lens into the business of how effective the company is at managing [all types of] risk.”

Two items audit committees are very concerned with are risk and reputation, so make sure you cover those items in a way that is meaningful to the audit committee members.

In other words, if your AC presentation seems long, then it probably is too long. You’ll need to simplify the AC presentation. This is where the finesse of the auditor comes into play and you hit the audit committee with a simple 1-2:

1. List the risks (e.g., simplified dashboards),

and

2. List what people are doing about the risks (concise communication).

That’s about it. Considering that internal audit is only one group out of many that will present to the AC, your succinctness will drive home the importance of what you present.

Auditor tip: Apply the 30% rule to your presentation. For example, if you are presenting a PowerPoint and you have a feeling that it might be a tad verbose, see if you can cut 30% of the slides. If still it seems a little long, try cutting another 30%.

Pitfall #2: Auditors and the Audit Committee lack communication.

How much is too much information in an audit committee presentation? Well, consider all the other groups that will also be presenting and adjust accordingly.

In audit committee meetings, you may have members from compliance, regulatory, and treasury all giving presentations. What differentiates these presentations from internal audit presentations are those groups are all talking about themselves and what they are doing. But when internal audit stands up, they act as almost an extension to the audit committee, discussing risk and company culture throughout the company.

According to Jim DeLoach, managing director at Protiviti, CAEs are often perceived as “reservoirs of knowledge and insight” to inform senior management and the board of up-and-coming risks. 

Because audit can be an extension to the audit committee, it’s important to foster a solid relationship between the two groups. One CAE recalls, “My first meeting with the latest chairman was very impactful.  His first action in our introductory meeting was to take out his mobile phone, have me put his mobile number in my phone, and then said, ‘If you need this number, do not hesitate to ring it.’”

Steps like above seem small, but are significant in building the relationship – seek out opportunities to build a relationship with the Audit Committee and know what they want.

Auditor tip: It’s important to communicate with the audit committee and learn their style. Some groups want more information, and others want less. They have different information levels and different presentation styles. Get to know what they want, so you make the most of their time. Find out more tips on this topic here.

Pitfall #3: Auditors stay in the comfort zone.

“We are missing out on strategic risks that internal audit can help with,” comments Williams. “Sometimes the auditor focuses too much on the normal routine stuff that’s always been done (i.e., accounts payable and easy cash audits).”

If business is going to get uncomfortable, shouldn’t internal audit step out of its comfort zone too? As business changes, so must audit.

There are additional areas that historically internal audit hasn’t touched but that are worth a look. Reputational risks and strategic planning are huge to the business: corporate scandals, harassment, and discrimination cases. These are root causes that lead to nefarious actions in the company. And no audit committee chair wants a bad reputation on their watch.

Audit teams are performing entire culture audits or integrating culture into routine audits. In Williams’ experience with Experis across multiple companies, he has seen the benefit in auditing culture specifically. “The idea of culture risk [is important]. Every time another CEO does something bad – the lens gets put back on the culture of the company.” For more information on culture auditing, listen to Alec Arons’ podcast here.

Auditor tip: Using risk assessments and risk frameworks can help guide internal audit into new waters of risk in the company. Does auditing seem a little too humdrum to you lately? Try diving into risks for culture, social media, and strategic planning within the company.

As you head into your next audit committee presentation, hopefully you’ll be able to go in with a fresh take on old presentations. As one CAE notes, “Get in, state your business, and get out.” But do it with style.