Over the past two years, I have heard executives complaining with increasing frequency that “internal auditors just don’t understand the business.” My sense is that some of these complaints are legitimate while others originate from business unit managers who simply don’t want internal auditors probing around in their areas of operation.
As I have observed before, many internal auditors were brought into their organizations in recent years to help with enhanced internal audit coverage of financial controls. Many who made up this new generation of internal auditors had little background in their company or its industry. They were proficient in Sarbanes-Oxley related audit support, but had little — if any — experience in auditing operational risks.…
In my last blog entry, I explored the concept of internal auditing’s stakeholders and who I thought they were. I identified the primary stakeholders of a typical corporate internal audit function as:
- The audit committee and the board.
- The CEO (or head of the enterprise).
- The chief financial officer or individual to whom the chief audit executive (CAE) reports administratively.
- Potentially, the other chief officers of the enterprise.
Whether the list is the right one or not is subject to debate, and will clearly vary by organization. What is not subject to debate is the need to identify your own stakeholders and to appropriately align with their expectations.…