Big reveal, like the type(s) I like, later! The title should be concerning enough for the internal auditors and not for the clients. Since clients often confuse nature, methodologies, domains and scope of internal audit engagements as its types. But some clients have such a clarity about internal audit that they themselves typify internal audits.

And in so doing, they essentially typify the internal audit function as a whole. See, like toothless vs ruthless, docile vs rebellious, submissive vs offensive, accommodating vs rigid, influenced vs independent, etc. And a type I heard for the very first time; not vibrant!

Meaning thereby that an internal audit function may or may not be vibrant. So, what is this vibrance, what has it got to do with internal audit and if it is an important measure, how is it measured? And what can an internal audit function do to improve upon its ‘vibrance’ score? Let’s break this down first. Worry not, I’m also trying to grasp it while breaking it down!

In the context of internal audit, vibrance would possibly mean an internal audit function that is energetic and enthusiastic. That would in turn mean an internal audit function that’s passionate about internal auditing, the value internal audit interventions add to the organization’s fulfillment of objectives and the return on investment in internal auditing.

Put simply, it’s about the effectiveness of internal auditing. If an internal audit function isn’t effective, it can’t be vibrant!

Thus vibrance, however, one may interpret it, has everything to do with internal auditing. It appears to be an important measure of internal audit abilities. An internal audit function that’s not vibrant probably means it lacks the energy characteristic of a high-performance function.

Vibrance is to internal audit what performance is to an engine!

How do we measure this vibrance of the internal audit function? Is it measured by the internal auditors or by the internal audit clients? Is it measured by the number of internal audit interventions or by the coverage of the internal audit strategies and planning? Is it measured by the value added in terms of change introduced or by the ‘nuisance’ value it represents?

Can KPIs over internal audit function’s performance measure its vibrance? However, way it is measured, the internal audit clients appear to be the best judge of the vibrance score!

The first time I heard about this vibrant and non-vibrant (types of) internal audit was from an audit client. So, it won’t be wrong to assume that it will be the clients who could tell how vibrant or non-vibrant an internal audit function is. And if that’s so, it’s only they who can tell how an internal audit function is doing on the vibrance front!

But where does this typification of audit as vibrant or not come from? What’s the origin? Like before I haven’t got anything to offer here as well except for further questions!

  • Is it the ages old (mal)practice of pre-auditing that makes it vibrant or not? Since pre-auditing used to be authoritative as it allowed or disallowed transactions, especially expenses? Is the practice of pre-auditing what made internal auditing vibrant?
  • Were external auditing and its statutory role, when auditing was only about financial records and activities, what characterized internal auditing as vibrant or non-vibrant? Since financial records and activities commanded the most significance amongst all records and activities and internal auditing too was perceived to be largely tilted towards financial records and activities?
  • Is it the ever-green perception about the auditors being the fault finders / being the policemen?
  • Is it the belief that audits exist to find frauds?

It’s not necessarily the yesteryear’s perceptions and beliefs about internal auditing or auditing in general that might be behind this vibrant or non-vibrant typification. It might as well be about the expectation of what internal audit could do and could deliver in the present or in the future:

  • Governance system that internal audit could help develop and improve?
  • Internal controls that internal audit could help introduce and evolve?
  • Risk Management framework that internal audit could help build and strengthen?
  • Policies and procedures that internal audit could help conceive and improve?
  • Processes and systems that internal audit could help design and make effective?
  • How do internal audit help the entity become sustainable?
  • The degree of positive organizational change, for which internal audit is the agent?
  • How does an internal audit align itself with the entity’s purpose and aids in the entity’s goals accomplishment?
  • Is internal audit an adviser to business?

However, I leave it onto you to decide how many clients of the internal audit even in this day, and age think about internal audit in this way! Let yourself be the judge of that!

Before I move on to my final thoughts on the typification of internal auditing, I’d like to recall what internal auditing is. It’s an independent and objective assurance and consulting activity designed to add value and improve an organization’s operations. This organization is the entity that has invested in the internal audit. The internal audit serves this entity. And since this entity is out together to serve the interests of multiple stakeholders, internal audit is a service to all those stakeholders.

Internal audit strategy, charter, audit universe, planning and almost everything is reviewed by management and approved by the governing Board. It is the eyes and ears of that governing board, being the third line of defense. The ‘type’ of service these stakeholders desire from the internal audit is the ‘type’ of the function that internal audit is or becomes! So, the most pertinent of all questions is, is it the internal audit that’s typified or is it the typified mindset that drives internal audit to provide certain type of services?

I’ve answer to this one at least: it is the type of audit clients that are responsible for the ‘types’ of internal audit functions one could witness or experience! The beast or the beauty internal audit is exactly the type of audit clients it serves!

Like the ones:

  • Where ethics and control environments are merely good paper optics!
  • Where governance is still a prisoner of the statutory codes or certain personas!
  • Where risk management is still just a fancy concept, good to have!
  • Where controls are still considered to be an impediment to growth!
  • Where policies, procedures, processes and systems are thought to be an impediment to growth or a compliance headache!
  • Where investment in internal audit is copied and pasted from countless other similar entities!

These type of audit clients are in abundance; they far outnumber us! We cannot serve them all because quality is a rarity and it needs the clients to first grow consciousness and conscience!

There’s no such thing as a vibrant or a non-vibrant internal audit function. There’s only one Internal Audit, I know; one that serves to improve and evolve the Governance, Risk Management and Control systems through its unrelenting objective and fiercely independent interventions, fully supported by those charged with governance.

 

For internal audit, effectiveness isn’t vibrance, vibrance is effectiveness!

There’s no point in standing up for something if you are not going to stand up long enough for it to be resolved! There’s no point of identifying and reporting matters if you are not going to back them up! That’s what a non-vibrant internal audit will be; a non-existent one.

The only measure of internal auditing performance evolution that matters in the current times is adviser vs assurance provider! If the function isn’t even at the assurance provider level, it is nowhere!

If you think there’s a vibrant internal audit that you haven’t experienced before, you haven’t experienced internal audit!

Its time you think which potential internal audit client type best explains you. Though none of these is ‘vibrant’!