Internal Auditors should be Brave
It can be hard for internal auditors to tell their stakeholders, whether at board level or in top management, what is putting the organization at greatest risk.
It can be hard to say that the root cause for control failures is that there aren’t enough people, or that the company does not pay enough to attract the best people.
It can be hard to tell the CEO or the audit committee that the executive team does not share information, its members compete with each other for the CEO’s attention, and as a group it fails to meet any person’s definition of a team.
It can be hard to say that the CFO or General Counsel is not considered effective by the rest of management, who tend to ignore and exclude them.
It can be hard to say that the organization’s structure, process, people, and methods are insufficiently agile to succeed in today’s dynamic world.
But these are all truths that need to be told.
If the emperor is not told he has no clothes, he will carry on without them.
Internal auditors at every level are subject to all kinds of pressure that may inhibit them from speaking out:
- They may believe, with justification, that their job is at risk
- They may believe, with justification, that their compensation will be directly affected if they alienate top management
- They may believe that their career within the organization will go no further without the support of top management, even if they receive the support of the board
- The level of resources provided to internal audit will probably be limited, even cut
- The CEO and other top executives have personal power that is hard to oppose
- They are focused on “adding value” and do not want to be seen as obstacles
- They fear they will never get anything done, will not be able to influence change, and will be shut out of meetings and denied essential information if they are seen as the enemy
Yet, if internal auditors are to be effective, they need to be able to speak out – even at great personal risk.
It would be great if internal auditors were protected from the inevitable backlash. I know of at least one CAE that has a contract that provides a measure of protection, but most are only protected by their personal ethics and moral values.
It would be great if the audit committee of the board ensured that the CAE is enabled to be brave. But few will oppose an angry CEO or CFO.
We need to be brave, but not reckless. There are ways to tell the emperor about his attire without losing your neck. They include talking and listening to allies and others who can help you. They include talking to the executives in one-on-one meetings where they are not threatened by the presence of others. Above all, it is about not surprising the emperor when he is surrounded by the rest of the imperial court.
It is about treating the communication of bad news as a journey, planning each step carefully and preparing the ground for every discussion.
It is also about being prepared to listen and if you are truly wrong being prepared to modify the message.
But, the internal auditor must be determined to tell the truth and do so in a way that clearly explains the facts and what needs to be done.
I close with a tongue-in-cheek suggestion that the song Brave by Sara Bareilles (well worth watching) become our anthem.
You can be amazing
You can turn a phrase into a weapon or a drug
You can be the outcast
Or be the backlash of somebody’s lack of love
Or you can start speaking up
Everybody’s been there,
Everybody’s been stared down by the enemy
Fallen for the fear
And done some disappearing,
Bow down to the mighty
Don’t run, just stop holding your tongue
And since your history of silence
Won’t do you any good,
Did you think it would?
Let your words be anything but empty
Why don’t you tell them the truth?
Say what you wanna say
And let the words fall out
Honestly I wanna see you be brave
With what you want to say
And let the words fall out
Honestly I wanna see you be brave
Leave a comment
Norman Marks on Governance, Risk Management, and Internal Audit 
Nice one and I think we internal auditors try to behave bravely only but I find most of time difficult to balance between assertive vs aggressive
I know we have to be assertive and not aggressive
Regards,
Kushal
http://www.internalauditexpert.in
Fear is a powerful force that leads in inactivity. The Brave will turn the fear upside down and think of all the things that could happen if not speaking up. The Brave speak up because the global consequences of not doing so are far greater than the personal consequences for speaking. The Brave become our heroes.
Thanks for posting Norman, I think this is very timely.
Steve
Certainly, you are right Steve. However, not applicable in the corrupt nation.
“… if internal auditors are to be effective, they need to be able to speak out – even at great personal risk. It would be great if internal auditors were protected from the inevitable backlash.”
“… the internal auditor must be determined to tell the truth and do so in a way that clearly explains the facts and what needs to be done.”
How can leadership change an organizational culture when employees are afraid to speak up?
At her State of the State address, Arizona Gov. Jan Brewer unveiled a plan that calls for $25 million in one-time money to help pay costs to transition Child Protective Services to its own separate agency and $21.5 million to hire 212 new caseworkers. The request comes in the wake of the discovery of 6,554 reports of child abuse and neglect that were deliberately not investigated.
The Director of this new agency was recently quoted, “I know it will be a challenge. Untangling decades of bureaucratic policies and misdirected priorities is not an overnight fix.”
To untangle decades of bureaucratic policies and misdirected priorities,” the new Director needs to put in place a framework for managing sustainable organization change. A framework that engages and empowers employees at every level of the organization.
Such a framework could be made up of:
1) Effective policy management (online policy library)
2) Ongoing culture assessments (similar to the annual Federal Employee Viewpoint Survey)
3) Performance Scorecards (measuring hard & soft metrics)
4) Event management and reporting (employee feedback using FMEA)
5) Enterprise data analytics (talent and workforce analytics)
6) Annual certifications to the Code of Conduct (to reinforce values)
When employees are afraid to speak up, children, youth and families are at risk.
Dear sir,
Greetings
I always wondering that ,in the highly developed countries an audit is a profession and accountability is clearly defined .Where as in the back word or under developed countries an audit activity can exist in very challenging situations and corrupted situations.Generally In most cases we can say that it exist by the will of individuals interest not by its principle. Because the crime doers are strongly attacking the auditors personal life . Corrupted persons are always protected by the military and civil high officials and have power even they can dismiss the auditor’s from that land .
I want to say that to restore an audit activity as a profession it may take centuries . I know so many peoples who are victim in this point.If I get any support I wish to work out and want to show a demonstrable work in this regard or if any body who is interested he can contact me and discuss on these threat .Even the local government audit institutions are dominated by these people.