Home > Risk > Internal Audit in Crisis Times

Internal Audit in Crisis Times

November 16, 2020 Leave a comment Go to comments

My friend, Hal Garyn, has shared his views on Internal Audit in these difficult times: It’s Crisis Time: Does Internal Audit Have a Say?

He makes several first class points and I strongly recommend this article to you. For example, he says:

  • Just because internal auditors want a seat at the table, doesn’t mean senior executives will automatically pull back the chair and gesture for audit leaders to sit. It must be earned. Once it’s earned, it must be retained. Auditors earn and keep a seat at the table by continuously providing valuable insights, making commitments, and delivering on promises.
  • Just because we think we have something important to say, does that information matter to our colleagues? Is it the right information, at the right time, delivered to the right people, and is it insightful?
  • Internal audit, even with its reliance on technology, data analytics, and electronic communication, will still be most successful because of the interpersonal relationships it has now and will develop over time.
  • Look at internal audit from the outside in, not the inside out: Focus on what the organization really wants from internal audit, not just what we believe we should provide.
  • Consider and prioritize the work that is absolutely necessary, even if it is outside the typical internal audit work, and leave the work that doesn’t address the immediate problems for another time.
  • Volunteer to help: Determine how you can help and figure out how to do it. Don’t wait to be asked. The four words every internal audit leader should be asking senior executives is: “How can I help?”
  • Be more flexible with risks to objectivity: While objectivity is fundamental to internal audit, in times of crisis, what the organization needs should potentially take precedence over preserving objectivity.
  • Move to a near-continuous risk assessment: Risk is dynamic, not static. Right now, risks are quickly evolving in terms of impact, likelihood, severity, duration, and velocity. If you are conducting risk assessments on a quarterly or, dare I say, annual basis, your assessments are yesterday’s news.

I usually end my posts with, if not criticisms, additional perspectives and suggestions.

I don’t want to dilute Hal’s article and leave you to read it in its entirety.

I welcome your thoughts

  1. John Fraser
    November 16, 2020 at 10:27 AM

    Totally agree. Over my career I have reported at higher levels (e.g. to CEOs and been on the board of a major corporation) than most internal auditors dream of and it was by doing many of these things.

  2. David Beer
    November 16, 2020 at 11:55 PM

    Excellent synthesis of the role – and I write not as an Audit professional but a recipient of such services. The final comment is perfect and probably applies to many other positions: Strategy, Business development, Marketing, Customer Service etc etc

  3. November 17, 2020 at 2:26 AM

    Good points, but the final bullet point implies that internal audit are doing the risk assessment. It should read something like, ‘Ensure management continually assess opportunities and risks and have the mechanisms for quickly taking any necessary action to manage them.’

  1. November 22, 2020 at 6:32 AM

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: