Will break tradition for this one and specify right at the outset. It’s us, the Internal Auditors exactly! Because no one likes to praise us. In fact, hardly anyone wants to discuss us and our work even, I mean at least not in a positive light. There are people singing praises around us for others, but no one about us.
It’s because of the work we do. Hardly anyone is interested in even understanding the work we do. And our heroics thus mean anything to us only. We are only told to listen, to understand, to learn from others, to seek out people stories. We’re expected to seek ‘facts’ made up or real! No one is interested in our story!
But isn’t this good? We are neither required nor expected to heap praises on people such that we end up s**king up to someone at work through these. We definitely don’t need any of that. And while we are keeping to ourselves, we might earn a reputation suited for professionals!
And isn’t it also good that there are people in an organization who aren’t doing all what they’re supposed to be doing for the praise and appreciation? Simply because they’re doing what they have been hired for doing. Don’t we get compensated for fulfilling the JDs and maybe bonuses for going the extra mile? Isn’t that how it works?
Professional internal auditors, however, always have to go the extra mile. Because there’s nothing typical about our work. At least that’s what professional auditors believe, practice and have their clients experience, adding value every step of the way. But when it comes to recognition of our efforts or realization of the changes and improvements that our interventions have brought, we’re mostly an afterthought.
Because of course, the actions on our internal auditing interventions are taken by the management. So, it’s always convenient to forget about the triggers or agents. The name that matters on the initiatives is that of the management! We, the internal auditors, are simply the assurance providers and the consulting partners.
It is generally believed that we don’t even understand what we’re talking about. Because that’s always the first answer to any of our questions or advisory; a reaction! We are told that we don’t understand because we’re not in the driving seat responsible for the operations. And when we are not in charge of the operations, we don’t know what it’s like being in charge.
We’re told decisions that managements make and take always have some basis grounded in reason best kept to themselves. And that, by virtue of this argument, we aren’t supposed to question those decisions, which we do anyways because that’s what we’re expected to do in order to review the decision making process as a whole and to understand that the decision aligned with the circumstances and the objectives.
But that’s some significant intervention, more of an intrusion that hardly anyone likes except for those who understand the value addition, Internal Auditing brings through its assurance and consulting works. And for those who seek us, the ball keeps rolling as internal auditing continues triggering evolutions in the Governance, Risk Management and Control (GRC) systems it improves!
From the Internal Audit Charter providing the only example of self-governance and thus leading by example to custom made audit services, the internal audit consistently aligns itself with the objectives of the entity it serves, formalizing its own role, responsibilities and accountability.
From the formally finalized and approved heat maps and rating mechanisms assigning ratings to the findings to the consolidated repositories of outputs of internal auditing interventions the internal audit exemplifies transparency, objectivity and areas mapped value addition leading to planning prowess.
From the detail oriented entity-wide approach to risk management review to the process level risk management linkages, the internal audit not just ensures initial to advanced understanding of risk, but also its high-level structural integration between the entity’s objectives and the process objectives such that the process owners and team members are aware of the impacts their actions have on the entity’s objectives.
From aligning the internal audit’s accountability in terms of its performance metrics with the governing body’s objectives and responsibilities to codifying the internal audit’s deliverables in terms of impacts on the risk universe and tweaks to the IA planning, the internal audit ensures end to end integration of its strategies and outputs.
From adjusting the overall spectrum of internal audit services in accordance with the needs of the entity to continually tweaking the materiality thresholds for internal audit findings aligned with the changes in entity’s business, the internal audit ensures its deliverables are in perspective of what the entity holds material and desires to improve.
From coordinating and unifying audit approach across diverse assurance and consulting providers, to providing a comprehensive coverage of all risk universe through the best combination of interventions suited to entity’s objectives, the internal audit focuses its energies on maximizing the benefits to the entity.
From providing advisory to introduce and improve policies and procedures not just from governance, risk mitigation and control objectives standpoints, but also from process efficiencies and optimization perspective to providing assurance regarding their compliance and thus fulfillment of design objectives, the internal audit is the comfort entities need that ensure the policies and procedures are working as intended.
From designing audit approach in order to identify fraud risk factors and being actually able to detect frauds to providing closure not just in terms of recovering exposure but also in terms of preventing recurrence, the internal audit is plugging holes that are in there under the watchful eyes of the management!
The ‘nuisance’ value of internal audit is the degree of certainty on accomplishment of an entity’s objectives. We’re about systematic approach, disciplined conduct, detail-oriented thought process aimed at consistent evolution and improvement in GRC systems. Our quest is perfection, and we embrace excellence every step of the way!
But it’s hard to come across people who see it that way. People who are willing to pay the right cost of investment in internal auditing and offer them the hierarchy they deserve. Guess they aren’t aware of the costs of their objectives aka the cost of their capital and the return they require on their investment.
Had they been aware, this premium required to be paid on top of investment would not be ignored.
But there’s something about professional internal auditors. We go on! Our pursuit of perfection and excellence knows no bounds. Even if no one likes to sing about us, we have our own songs to sing!
Entities just have to ensure these are not their swansongs that we sing! And when they do happen to realize that and need to find us, they should know where we love to be……….BTS!