It's time to reflect on our successes and past missteps and resolve to improve in 2017
10, 9, 8, 7......Happy New Year!
While it may be hard to believe that any internal auditor has missed opportunities or made mistakes (definitely not you), those who take the time to reflect on their missteps have the opportunity to improve not only themselves but also the service their departments provide. If improving Internal audit’s service is important to you, then the following four New Year’s resolutions should be on the top of your and every internal auditor’s list this year.
1. Become an Expert of Your Business- Many internal auditors understand how their company makes money, manufactures its products, and the types of services it provides. But some don’t do much else to understand what makes their company tick.
Imagine if your team was aware of all your company’s key products by name or model number, or why your top customers buy from you instead of your competitors? What if your staff and seniors understood all of the key metrics executive management and the board monitor? What if they knew the specific reasons preventing your company from achieving its strategic goals and objectives?
Understanding this information can have a significant impact to your department’s effectiveness. Initial planning meetings with audit customers could begin to focus more on how their department helps the company achieve its goals and objectives and less on “risk and control” speak. In turn, audit customers may be more willing to share more information with you during planning and fieldwork, and they may be more open to adopt your team’s future recommendations.
And if that’s not enough, think how much more robust your internal audit risk assessment would be! Gone would be the days of the risk assessment being a CAE-only exercise. Now an entire team would be able to conduct the risk assessment, with the CAE providing oversight. A more robust risk assessment should lead to a more interesting audit plan, and most importantly, a more informed audit committee.
Of course, it’s easy to contend that you don’t have enough time to become more knowledgeable about your company with all of the other work needed to get done. But don’t suffer from this rationalization! Go talk to people in the business, introduce yourself to other colleagues to get their perspectives on the company, and find out what they are working on. Start a conversation during your team meeting on what you think is most important to the company’s success and then ask for your team’s perspectives. This in-depth insight and knowledge of your company will result in a more focused audit scope and internal audit recommendations more in-line with company goals and objectives. In turn, you will be a better internal auditor.
2. Be More Customer Focused- If improving internal audit’s service is so important, perhaps you may consider your internal audit team as its own business within your company and not as a producer of requirements others in the company have to follow.
Adopting this mindset doesn’t have to be difficult. Do you refer to those you work with as auditees or audit customers? When planning for an audit, do you ask your customers to write out steps to their process in your pre-planning questionnaire that can be easily found in the group’s policies or procedures? Instead, you could ask them to validate the answers you pre-populated to your own questions? If you have access to your company’s ERP system, perhaps someone from your team can pull the data or a report that was requested in the document request list.
Does your internal audit team offer customers an audit survey to provide formal feedback on how well the internal audit team performed during the project? An audit project survey will increase the chances your team acts in a spirit of customer service and can flag improvement opportunities that may not normally come to light.
No matter how efficient your team is, internal audit projects are disruptive to your customers’ normal day-to-day activities. If you want to improve the service internal audit provides, start carrying out audit planning, fieldwork, and reporting with a customer-focused mindset, and seek out opportunities to minimize disruption to your customer.
3. Be More Empathetic - While managing an internal audit project or department can be demanding and stressful, actually being audited is usually even more trying. Because we are human, we make mistakes, and don’t always meet expectations. This human element is usually the cause of many issues found during an internal audit.
Empathetic internal auditors are those who can understand what another person is feeling from the other person’s perspective. Being empathetic can reduce the stress and tensions caused by internal audit work, improve the chances of uncovering root causes, and foster better working relationships among audit customers and your internal audit team.
Before shooting off an email including a terse reminder, maybe there is a reason an auditee hasn’t sent you something you previously requested. A quick in-person conversation to listen to what he or she has to say can shed light on the late submission. And before explaining that “you would expect” a control to be operating in a certain manner to someone responsible for a control issue, maybe you can actively listen to why it happened, and work with that person to highlight any downstream compensating controls.
Practicing empathy doesn’t have to start and stop with your audit customers. An internal audit senior reviewing a staff’s work-papers that include errors can perhaps speak with the staff to understand why the mistakes are happening before providing harsh feedback. Maybe more training is needed, or members of the staff were trained incorrectly. If your team member sent you a draft audit report that was both late and incomplete, perhaps you can take a step back and share with your team that you are aware how hard it is to actually prepare a first draft of an audit report.
Being empathetic is not easy and may take additional unplanned time. But being empathetic improves relationships, helps resolve conflict, and expands perspectives (both yours and your colleagues), all which help improve the work internal audit provides.
4. Have Fun – We only get to do this thing called life once, so why not have a little fun while we’re at it? Countless studies have cited that happy workers are more productive at work and that positive work cultures improve employee performance. And setting productively aside for a moment, having fun, is, well, fun!
Working in internal audit doesn’t have to be serious business all the time. Does your team eat lunch together? If not, why? You can also create, or suggest, mini-challenges during audit projects to get your team engaged, such as allowing the auditor who completes testing and any related review notes first to choose their next project.
For the many internal auditors who travel, don’t just rely on eating out together. Make it a point to go see a local attraction with your team. Or workout with a team member before work. Not only will the team work better together, they’ll be better able to resolves problems and tensions that arise in any team environment.
You don’t need to be told how to have fun, so get creative and surprise your team and colleagues. When you find ways to have a lot of fun and get a lot of work done at the same time, well then, it’s safe to say your resolutions were met!
Happy New Year! I am honored to serve you, and the global Internal Audit Community as the Vice President and General Manager of MIS Training Institute’s internal audit division.
For the past 40 years, the MIS Training Institute has provided training to internal auditors to help them do their job better, whether it be understanding internal audit methodology, provide “how to” instruction to audit business process and information technology controls, and providing soft-skills training to help internal auditors enable positive change within their organization.
Today, our team continues to work hard to develop and provide training to equip internal auditors tocarry outtheir responsibility to provide assurance to their Boards of Directors and executive management teams that organizational objectives will be met, and enterprise risks are managed to an acceptable level.
Best of luck in 2017. I hope to talk to you soon.