I know from experience how frustrating it can be as a chief audit executive (CAE) or member of the internal audit staff when management does not value the contributions you can make to enhanced risk management, internal controls, or governance in the organization. The signs are often evident:
If you found yourself uncomfortably answering yes to the signs above, you are probably struggling to be a valued “trusted advisor” in your organization. It occurred to me recently that CAEs or internal auditors who struggle to become trusted advisors to their stakeholders may want to apply a bit of forensic-analysis to see where they may be falling short.
One definition of forensic analysis is, “The use of controlled and documented analytical and investigative techniques to identify, collect, examine, and preserve information.” Born from the science of collecting evidence in criminal investigations, the technique serves internal auditors well in its systematic approach to gathering data. But, forensic analysis can also be used when a desired outcome is not being achieved. If you’re a CAE and not a trusted advisor, you should consider an analysis of which characteristics of great CAEs you may not yet possess. Here are a few areas to consider.
Do your stakeholders consider you approachable? One of the keys to becoming a trusted advisor is, not surprisingly, to build relationships with stakeholders in management and on the board. If you are not approachable, half the battle is lost. Do not confuse the independence necessary to carry out objective engagements with being aloof or standoffish.
Can stakeholders relate to you? Any positive relationship must have mutual understanding and interest. If stakeholders have a hard time connecting with you, you will struggle to build positive rapport.
Do you demonstrate interest in or commitment to stakeholder success? If you aren’t interested in helping our stakeholders succeed, why should they turn to you for advice or give strong consideration to your audit recommendations? If stakeholders believe your reports are designed to make them look bad or blindside them, you will never build a trusting relationship.
Do you possess empathy and the ability to understand challenges facing the organization? This is a significant point to consider, and again one that can be clouded by focusing too keenly on maintaining independence. Great CAEs and their internal auditors develop business acumen and an understanding of the pressures and compromises necessary to operate and grow an organization successfully. Gaining this knowledge and empathy does not mean conceding on effective risk management or internal control. On the contrary, this insight into the inner workings of the business is a valuable resource in helping to identify risks and practices that can erode organizational performance and good governance.
Do you possess strong technical knowledge? From cybersecurity to the Internet of Things, the biggest driver of emerging risk by far is technological change. How can you help your organization understand and mitigate risk if you aren’t knowledgeable about the biggest cause of risk?
Do you have a deep understanding of the risks facing your organization and the industry in which it operates? Related to developing business acumen, a great CAE and the internal audit team must possess a sophisticated understanding of the organization’s industry. This not only strengthens empathy and knowledge, it sows the seeds of foresight.
This is certainly not a comprehensive list of where CAEs and internal auditors can fall short in the challenging journey toward becoming and sustaining their status as trusted advisors. But taking stock in where you stand is a relevant and important exercise that will keep you striving to improve.
Those who succeed in becoming trusted advisors are the embodiment of internal audit’s value to the organization at the highest level.
As always, I welcome your comments.