Internal Audit in Crisis Times
My friend, Hal Garyn, has shared his views on Internal Audit in these difficult times: It’s Crisis Time: Does Internal Audit Have a Say?
He makes several first class points and I strongly recommend this article to you. For example, he says:
- Just because internal auditors want a seat at the table, doesn’t mean senior executives will automatically pull back the chair and gesture for audit leaders to sit. It must be earned. Once it’s earned, it must be retained. Auditors earn and keep a seat at the table by continuously providing valuable insights, making commitments, and delivering on promises.
- Just because we think we have something important to say, does that information matter to our colleagues? Is it the right information, at the right time, delivered to the right people, and is it insightful?
- Internal audit, even with its reliance on technology, data analytics, and electronic communication, will still be most successful because of the interpersonal relationships it has now and will develop over time.
- Look at internal audit from the outside in, not the inside out: Focus on what the organization really wants from internal audit, not just what we believe we should provide.
- Consider and prioritize the work that is absolutely necessary, even if it is outside the typical internal audit work, and leave the work that doesn’t address the immediate problems for another time.
- Volunteer to help: Determine how you can help and figure out how to do it. Don’t wait to be asked. The four words every internal audit leader should be asking senior executives is: “How can I help?”
- Be more flexible with risks to objectivity: While objectivity is fundamental to internal audit, in times of crisis, what the organization needs should potentially take precedence over preserving objectivity.
- Move to a near-continuous risk assessment: Risk is dynamic, not static. Right now, risks are quickly evolving in terms of impact, likelihood, severity, duration, and velocity. If you are conducting risk assessments on a quarterly or, dare I say, annual basis, your assessments are yesterday’s news.
I usually end my posts with, if not criticisms, additional perspectives and suggestions.
I don’t want to dilute Hal’s article and leave you to read it in its entirety.
I welcome your thoughts
Leave a comment
Norman Marks on Governance, Risk Management, and Internal Audit 
Totally agree. Over my career I have reported at higher levels (e.g. to CEOs and been on the board of a major corporation) than most internal auditors dream of and it was by doing many of these things.
Excellent synthesis of the role – and I write not as an Audit professional but a recipient of such services. The final comment is perfect and probably applies to many other positions: Strategy, Business development, Marketing, Customer Service etc etc
Good points, but the final bullet point implies that internal audit are doing the risk assessment. It should read something like, ‘Ensure management continually assess opportunities and risks and have the mechanisms for quickly taking any necessary action to manage them.’
David
http://www.internalaudit.biz