How Many Auditors Did It Take Last Year?
How Many Auditors Did It Take Last Year?
Generating a Big Impact With a Small Audit Staff – Part II
September 8, 2011Internal Auditors: Let’s Practice What We Preach
October 13, 2011When I hear jokes about internal auditors, usually I can just laugh and blow it off. After all, there are plenty of jokes about doctors and lawyers and pointy-headed bosses, so why shouldn’t jokes be told about us? I attend quite a few audit conferences, and I’m used to the occasional joke about how internal auditors are heartless, or how we have dry personalities, or even how (dare I say it?) we “get in the way” when people are trying to do “productive” work. Once in a while, though, a joke strikes a little too close to home.
I was at a conference in Canada last week, and a speaker asked, “How many internal auditors does it take to screw in a light bulb?” The answer: “It depends. How many did it take last year?”
At first I laughed. A moment or two later, the joke made me pause and reflect — so much so that I completely missed whatever the speaker said next. I’ll never know what point the speaker was trying to make. But when they tell jokes about us that sting a little too much, there may be a perception problem that we need to address.
Do people see internal auditors as not being risk-focused? Are we such creatures of habit that we perform the same audits, with the same level of resources, and make the same recommendations year after year, regardless of the actual risks? Absolutely not! At least, not as far as I’m concerned.Yet, the joke still resonates.
I know that risk is at the heart of what we do. Our International Standards for the Professional Practice of Internal Auditing require not only annual risk assessments, but risk assessments at the beginning of each and every audit. From there, we develop objectives and frame the scope of the audit based on the risks. Businesses change, industries change, procedures change — so, in theory, audits change. Why would we be viewed as automatically doing the same thing we did last year? Are our risk assessments too cursory? Are we relying too much on last year’s workpapers to address this year’s risks? Do we ask the same questions each year without stopping to find out what is really keeping management up at night?
When the people we work with make a joke about auditors, after we laugh, maybe we should look for the hidden kernel of truth that makes the joke funny — or not so funny.
I welcome your comments via LinkedIn or Twitter (@rfchambers).