And why exactly should I care, one would ask? After all, I am on that comfy side of the table that’s reserved for asking questions only. Because that’s what internal auditors do. Raising queries, sounding alarms, pointing fingers, doing the critique and more of the same. But are they actually responsible for anything? Isn’t it easier to ask questions than to do the work and be responsible for it?

But since I am not going to delve into how internal auditors help entities realize their potential (statute and regulation worldwide and global internal audit standards have done that), well, in addition to asking the right questions, that is, let me just ask if “asking the right questions is no big deal?” A question is from where assessment, evaluation, introspection, review, awareness, aim, purpose and objective begins.

So, even if asking the right question is what internal auditors do, the quest for answers begin from there and they’ve then accomplished what was expected of them. But the question then is, what answers do managements have, if they have any? Though this question should be asked by the Boards, because if it comes to being asked by internal auditors, the entity is already in serious trouble.

How is it troubling, one may think? Well, firstly we do call the internal auditors once we’re done, isn’t it? Because entities managements’ strongly believe that internal auditors are no use before the work gets going. And that’s why they shy away from giving them a seat at meetings where strategy is discussed. But if it comes to them to ask it, the management has failed to figure it out altogether.

Secondly, if it’s the internal auditors asking, the managements have failed to deliver as well. Hence the question. So, it is indeed the equation, management might land the entity in trouble the internal auditors are called to navigate through. Had the managements had vision though; to have the internal auditors by their side early on, they might have steered clear of the troubles!

Well, that pretty sums up well, what we, the internal auditors do………. besides asking questions of course!

Look, I get it, audit is generally perceived to be not fundamental to any entity’s existence, or more appropriately not considered strategic. But this tells how internal audit ready an entity and its tone at the top is! And if it isn’t audit ready, it sure as hell isn’t sustainable. And if it’s not sustainable, it’s definitely not strategic! Because getting ahead of the curve is half the strategy, remaining there and going farther from there is the other (rather better!) half.

Concerned what ‘internal audit ready’ could be? Don’t be, because ‘internal audit ready’ is a term coined by me to evaluate the degree to which any entity is internal audit enabled. It is a well-meaning term. And it means how vision and mission aligned, evolved and optimized an entity’s governance, risk management and internal control systems and processes are!

So, let’s get back to the million dollar question, what is that the managements or more specifically executives do? And with this question, I have the following at least one dozen questions:

  1. Do executives understand the difference between management and leadership?
  2. Do executives understand what leadership is and what it entails?
  3. Can executives think beyond their personal goals and ambitions and think about their employers?
  4. Can executives understand what their Job Description and Performance Targets are?
  5. Do executives understand what tone at the top means?
  6. Do executives understand what the most common causes behind globally significant corporate failures have been?
  7. Do executives understand that Governance, Risk Management and Controls are progressive not regressive?
  8. Do executives understand why policies and procedures exist?
  9. Do executives understand why controls exist and why risk management is imperative?
  10. Do executives understand why the world over, statute and regulation is aimed at responsibility and accountability through Governance, Risk Management and Control systems?
  11. Do executives understand why statute and regulation was needed to ensure adequate oversight over management stewardship?
  12. Do executives understand that sustainability is key to future growth?
  13. Do executives understand that a culture of responsibility and sustainability is imperative for sustainability?
  14. Do executives understand what success is? If it is the long term viability of a reliable brand or a short term euphoria attached to a particular transaction?
  15. Do executives understand that it’s not about their legacy or their mark on the entity that they work for and then leave instead it is about their ability to look themselves up in the mirror once they’ve left?

Ok, so maybe a little more than a dozen or maybe a lot more, that I can still go on and on asking. Fact of the matter is that these questions exist because entities who could actually vouch for their executives who have answers to even a few of these are sadly a rarity!

So, yet another question is what good is the understanding of executives at the majority entities for? Or more precisely, what their executive management is good for? I’ve got an answer for this one too! And it’s “Nothing”! And that’s why most entities simply fizzle out or simply exist in calm waters…. unless a bigger fish gulps it in!

The ones I know most of the internal auditors have experienced working with are exactly the type I’ve experienced working with. And these are:

  • Those who have no sense of systems or processes and are comfortable with a firefighting approach to management.
  • Those who love to micromanage everything and anything and lose sight of the bigger picture such that all energies and opportunities are wasted.
  • Those who failed to understand their key performance metric because they got too comfy in managing an entity operating in a non-competitive market.
  • Those who brag and bloat about their past experiences but have no idea how and what of it is relevant to the job at hand.
  • Those who consider Governance, Risk Management, Controls an impediment.
  • Those who think highly of themselves and their ‘precious’ time to be worthy of dealing with ethical, policing and procedural violations.
  • Those who believe that growth should be aimed at, even if it is at the cost of sustainability.
  • Those who have nothing new to offer other than putting their name on plaques of projects that are someone else’s find!
  • Those who love to maim resistance to themselves, because they can’t get along with people already in positions, before they set foot at an entity.
  • Those who like to have bootlickers, cheats and fraudsters around them offering themselves a perpetual sense of elation!
  • Those who like to keep up with inept and incompetent resources but let go of skilled and qualified resources because they could challenge decision making and speak truth to power.

So, they can fume all they want at my lack of respect for such so called executives, who like to call themselves a leader but are not even worthy of being called a manager! And they can call me coy or coward for not stepping up to positions they’re appointed for, because I understand what I’m cut out for, again something they can’t figure out for themselves!

I understand that controls are there for a purpose. They are the means through which we mitigate risks. Risks that come with costs. So, when we advise introduction / improvement / evolution / alignment of controls against the risks once we’ve weighed the costs of those controls with the costs of risks, we’re advising avoidance or reduction in costs that come with risks and fulfillment of objectives.

I understand what risk management entails. It’s the system through which risks are identified, understood, assessed, evaluated and monitored. It is a system through which downside risks are managed and upside risks are exploited. So, when we advise introduction / improvement / evolution / alignment of the risk management system, we’re assisting entities achieve endurance, viability and sustainability.

I understand why governance is induced through statute and regulation. It’s the mechanism through which responsibility and accountability in oversight and direction is ensured. So, when we advise improvement / evolution / alignment of the governance process, we’re helping entities achieve resilience, foresight and strategic depth.

I understand why we, the internal auditors, are there either by virtue of regulation or for best practices sake. I understand how we yield a return many times over than our cost to the entities. But the most fundamental question is do the executives with the fattest of all paychecks in any entity understand what return they yield?

And what I don’t understand is why idiocy is such an essential credential for being an executive? And why is it in such abundance?

So, call me anything and all you want……but I have a reputation to keep. Even if it’s pretty badass!