Why You Should Not Be Afraid Of Internal Auditors?

Published by Yana on

Many corporate functions hate internal audits. People ​perceive them as useless, ​time-wasting, police-playing and inflating problems that don’t exist to justify their existence – and the people behind them as incompetent, arrogant and what not… Just imagine, someone with very little knowledge about your challenges and your profession comes in, asks stupid questions, twists your words, uses your honesty against you, finds out ridiculous old policies you had no idea still existed, and starts telling you all the things that are potentially wrong with your function… Sounds familiar?

But I am here to tell you that internal audit could be the most popular, most respected and most desired function in your company. People would be signing up on the waitlists and fighting for the privilege to be audited. Don’t believe me? – Read on!

I learned about the value-adding concept of Internal Audit at Amazon. In fact, I was a guest auditor for a few internal audit assignments and even was an auditor myself for a short period of time. The name of the function is actually “Internal Audit and Benchmarking” – and the reason for this is that the primary focus of the Internal Audit should be not to assign blame, but to research the situation, brainstorm together with the business owners what they’re struggling with, jointly give valuable feedback to the senior management about what is a realistic situation, actual risks and business needs of this particular function, and then jointly develop a plan of how to take this function, department or activity to the next level of excellence.

Internal Audit should never be a “check-the-box” exercise and/or formality. To add value, it must focus on the real risks and challenges of the function, resource constrains, dependencies, potential consequences of doing or not doing certain things, and it also needs to look outside of the company and research the best practices, best tools and best ways to perform ​an activity.

What are the stages of a great, value-adding internal audit process?

Internal Audit Phase

Description

Risk Assessment: talk to business owners and employees, leads of key functions, external stakeholders (e.g. customers, vendors, external service providers, accountants, etc.) and try to understand what has been going on.

By asking open-minded questions and not searching for deficiencies and errors, an internal auditor can uncover real issues that are keeping people awake at night, real struggles and real gaps that should be addressed.

Who are the key customers and stakeholders of this function? What do they think? Are they getting what they need?

Ask about recent developments in the function, whether there have been any big changes lately, ask what is missing – in comparison with some other functions.

Stay open-minded and try to develop an objective understanding​ of how insiders and outsiders see the function.

  • Were there any big events, such as big turnover of people, addition of a new tool or system, recent incidents, complaints?
  • Was there any change in direction, maybe a reversal of a previous decision or an update to a previous strategy?
  • Is there an area that is waiting for a decision or some issue that everyone agrees needs to be addressed, but it has been postponed for a while?
  • Why?
  • ​Will the company survive?

Benchmark – past events, current results, future needs. Look outside for best practices

This is a logical continuation of the previous step, but instead of talking to insiders, you are trying to find answers in the past, in the future or outside of the company. Were any past commitments broken? What happens if nothing changes? Are we in line with what everyone else is doing?

Prioritize, challenge and calibrate => develop an audit plan.

Some functions may have a tendency to downplay their issues and some leaders ​have a very low risk tolerance. Your job is to balance them out by asking for everyone’s opinion in a neutral ​manner.
  • After Internal Audit will have talked to all key functions, departments and ​external stakeholders, believe it or not, very quickly magic happens: common themes emerge, common concerns surface, common issues become more clear.
  • The issues and concerns will have to be prioritized, calibrated and assigned a risk and urgency category.
  • This is where we are determining the future focus and resource allocation: where do we need to dig deeper and find real answers and real root causes of serious problems
  • Sometimes it’s not clear if there is a resource problem or a personal problem or a knowledge gap or a competitive disadvantage.
  • Sometimes it’s not clear why things take so long or why there are so many human errors. Our goal will be to include these big issues into the audit plan, so that during the field work more data is collected and analyzed and  more attention is focused on key company bottlenecks.

Field work and research: Form an objective understanding if the function is fit for purpose now and fit to scale up in the future? What happens to this function if the company grows 50% next year? What happens if a new product is launched? What if the law changes? What is the competition doing in this space? Are there new tools or solutions that this function might consider? What kinds of dependencies does this function generate in the supply chain? Why​ were there so many issues flagged by other functions or external events?

Try to get as much data and metrics as possible.
  • For this stage it is helpful to engage a so-called “guest auditor”. An internal auditor is usually not an expert in the subject matter they are auditing, which is why it is a great idea to find someone with relevant knowledge in the organization to assist with the audit.
  • For example, if you audit IT security, it would be great to get an opinion from someone with an IT security background (maybe a different department or different team), and if you are auditing finance it is a great idea to have someone who might have studied finance or worked in finance in their previous role.
  • Obviously, people should not audit their own work, but many employees have plenty of cross-functional skills, especially, if you count their past experiences.

Make a plan to make things better, allocate resources, agree and commit. Then rinse and repeat next year.

Just follow through 🙂

Hopefully, now you see how it could work.

If your internal auditor opens the door and the first thing they ask is “show me your policies” and if ​you tell them about your complexities and challenges they respond “it’s not my problem, I report to the Board” – fire them on the spot.

However, many professionals really care about their company and want to help. If this is the case, the Internal Auditor can be a good friend who will give you their objective opinion, who will spend time and resources researching the real issues you face and help you find the right answers. An Internal Auditor could be a wonderful accountability partner for the CEO, monitoring and making sure things are on track and that company resources are allocated to the issues that really require attention.

Categories: corporate governanceMy favorite companies
Tags:

Related Posts

"Hire Slow, Fire Fast" Does Not Work in FinTech Compliance
corporate governance

“Hire Slow, Fire Fast” Does Not Work in FinTech Compliance… Or Perhaps Anywhere Else 😉

I really would like to challenge the conventional wisdom of the “hire slow, fire fast” principle. I’ve never personally followed this advice, but only after hearing Ben Horowitz talking about it, did I realize why Read more…

Where to Find Board Members and How to Pay Them?
corporate governance

Where to Find Board Members and How to Pay Them?

FinTech startups often struggle to find the right Board Members, and indeed there is a lot of confusion about who they should be, how much you can expect from them, and what their fees should Read more…

FinTech Co-founders: When Friendship Becomes A Problem
corporate governance

FinTech Co-founders: When Friendship Becomes A Problem

Today, I wanted to share with you my thoughts about FinTech co-founders who are also best friends and how it may become a problem for the company and the team. You often hear that the best Read more…

>