Relationships between audit committees and chief audit executives (CAEs) have become increasingly more complex as the risks facing organizations have become more diverse and dynamic. Indeed, audit committee members often comment that they are turning to internal audit more often for an expanding scope of assurance and advisory services.
But the relationship between the audit committee and the CAE is often complicated by personal dynamics and the awkwardness that comes with “constructive feedback.” As a result, I have often found that audit committees are uncomfortable pointing out to the CAE what internal audit could do better. Instead, they leave it to management to deliver the news, and the translation isn’t always pure.…
I recently saw a LinkedIn post with a compelling photograph of a smiling police officer and the caption, “Internal Auditors Are Not the Organization’s Police Force.” My first instinct was to agree with the post, but I reflected on the fact that many are seen as playing the role of corporate cop – some by their own choice, some by the choice of management.
Those internal auditors who choose to be “the police” by the way they execute their roles should never complain about relationship struggles they might endure. Choices have consequences.
But as I have observed in my blog over the years, the reality is that many internal auditors are asked to assume responsibilities involving corporate investigations.…
Famed American poet Maya Angelou once observed: “When people show you who they are, believe them the first time.” I have always found that to be incredibly sound advice, in both personal and professional relationships. Those words came to mind recently when a chief audit executive (CAE) shared with me an experience with an internal audit client.
The saga started when a new director took over corporate procurement two years ago. The CAE’s staff met with the procurement director at the beginning of an internal audit, and they were warmly received. The director spoke glowingly about the importance of internal audit, and said he looked forward to the assurance they would provide about the effectiveness of procurement operations.…
OK, I know, my headline isn’t grammatically correct. But in full transparency, I repurposed the phrase from Norman Keith Collins, known popularly as Sailor Jerry,a prominent 20th century American tattoo artist from Hawaii. I don’t normally quote tattoo artists, but I think Sailor Jerry was on to something: You generally get what you pay for.
What does all of this have to do with internal auditors? I believe it is precisely the problem that plagues some internal audit functions, and it is a contributing factor to the lingering talent shortage facing the profession. I also believe that it is not always an accident that internal auditors (starting with the CAE) are not paid as well as they should be.…
I frequently peruse various news feeds for articles on internal audit. Some of those written by non-internal auditors are quite good. Some are quite bad. And there are some that offer bad information or advice that I cannot resist calling out. One such article appeared recently on the noted thought-leadership website JDSupra.com.
To be fair, the article, titled SEC Compliance Internal Audit Tips: 4 Things You Should Know, appears well-intended and provides some useful advice for executives of regulated securities firms. For example, the author advises securities firm executives to “take prompt action” on information provided in internal audit reports.…
Internal audit functions are essential to effective risk management, control and governance. And vital to that effectiveness is independence of the function and objectivity of its internal auditors.
Independence and objectivity are so important that they respectively comprise the first two IIA Standards. Independence, according to the Standards, “is the freedom from conditions that threaten the ability of the internal audit activity to carry out internal audit responsibilities in an unbiased manner.” Objectivity is an “unbiased mental attitude that allows internal auditors to perform engagements in such a manner that they believe in their work product and that no quality compromises are made.”…
Over the years, I have spoken to countless board members about their roles and expectations for internal auditors. Most are complimentary of the internal auditors in the organizations they oversee. They often refer to the auditors as their “eyes and ears,” and stress how much they depend on the internal audit department.
But there is one expectation by board members that causes me concern: They often emphasize that they look to internal auditors to help them avoid surprises.
I can’t help but cringe when I hear that, especially in an era of risks that seem to emerge out of thin air and catch everyone by surprise.…
In my last blog of 2022, I recognized 12 outstanding thought leaders from around the world as A Dozen Who Made a Difference over the past year. These men and women elevated internal audit’s full potential through a full body of thought leadership that included writing, speaking and use of social media.
The annual Beacon Awards prompt a great deal of interest, and I am often asked for a list of individuals who are active on social media. Given the amount of time I devote to this space, I obviously have developed an extensive lineup of people and organizations I follow.…
In a recent blog, I observed that in many companies management and boards do not welcome – or even permit critical scrutiny by internal auditors. Fortunately, that isn’t the norm. From my experience, a majority of organizations do recognize the importance of internal audit, and value the role it plays. But that does not mean management and boards are always happy to hear what we have to say. Being the bearer of bad news can test even the best relationships.
Every profession has its ups and downs, and internal audit is certainly no exception. In fact, some of the most awkward and, yes, even painful moments can occur when we need to deliver bad news to those whose areas of responsibility we just audited.…