While I realise that we are now seven months into the New Year, I always feel that the summer, rather than December/January, is a much better time for sitting back and taking stock.
Over the summer most of us spend time away from home in a new environment, relaxing in the open air and, perhaps (depending on our budget and time available), travelling abroad and trying to communicate in another language. I always feel this mixture of relaxation, good food and wine, combined with some mental stimulation is an excellent catalyst for helping us to put things into perspective and think about what we do on a daily basis.
This is particularly true when you contrast it with the typical chain of events that lead up to making resolutions in January: usually a last-minute dash around the shops to buy gifts and food for Christmas, followed by many stressful days indoors, with very little natural sunlight (in the UK, at least), combined with too many relatives and possibly too much alcohol!
For me the December/January process usually results in half-hearted resolutions that are primarily made to comply with social convention, but which are rarely successful. Whereas, I find that plans scribbled on a napkin in a sunny piazza or on a terrace, overlooking the sea, generally last longer. They also benefit from my higher energy levels as I go back to work, refreshed, after the break.
From an internal audit perspective, another good reason to look at what you do over the summer months is that most companies have a calendar or March year-end. Consequently, if you want to make changes to the way you do things, either as an individual or a department, now is a good time to start thinking about them and, of course, canvassing your stakeholders’ opinions.
I always find it’s useful to focus on a small number of areas and for me the following four are worth thinking about:
1. How the organisation works – the value chain
One of the complaints often made about internal auditors is that they are not sufficiently “commercial”. Of course, this is sometimes just a form of retaliation from managers who have received a critical report on their area. However, on other occasions I’m sure it’s justified. As you put together your audit plan for next year, it may be worth asking yourself how well do you know your current organisation? To what degree does the Plan combine a risk-based approach, with adequate coverage of the various auditable entities (including third parties) and an understanding of the organisation’s value chain? In my experience, it takes work to stay abreast of what’s happening around the company. Are there any obvious ways you can improve your knowledge?
2. How the organisation works – the cultural / political environment
I’m a firm believer that internal audit’s job is to effect change and improve the organisation, both in terms of its control environment, but also its efficiency and effectiveness. To do this, auditors need to be pragmatic and understand how the organisation actually works in terms of how things get done.
Organisations are by their nature political, with different departments and factions all competing for scarce resources. To be effective, internal audit needs to appreciate this fact and understand the way the politics work, while at the same time maintaining independence and not being seen as aligned too closely to one individual or function. This can, of course, be quite a challenge if your department is simply seen as “part of Finance” … So now may be a good time to ask yourself to what degree does this apply to your department? Are there things you can do to demonstrate that you are really impartial?
Many of us are aware of auditors or audit departments that are not very pragmatic, raising recommendations which are never implemented. This occurs either because the recommendation does not really address the root cause of the issue, or because the Manager has not been persuaded that the risk warrants spending time or money. This is why I’ve always believed that “Agreed Actions”, developed with the person being audited, are far more persuasive and effective than a “We recommend …” statement. So, something to consider is your implementation rate. Are there particular areas / topics or even departments where your recommendations tend to get side-lined?
3. Communication / Presentation
As a general rule, people who go into internal audit tend to think in terms of facts and evidence. This is essential for our day-to-day work, but it can lead to frustration when it comes to reporting findings and agreeing actions. After all, it’s logical to believe that when the facts show there is a problem then something should be done. However, as our colleagues in Marketing know, logic isn’t the only reason why people do things! Indeed, most advertising is based on establishing an emotional connection with the consumer, following the old idea that “They may forget what you said — but they will never forget how you made them feel”.
While I’m not suggesting that we lose sight of the facts, I do think that good reports at all levels (from individual audit reports up to Board / Audit Committee summaries) should be clear, easy to read and above all persuasive. It’s worth bearing in mind that your key stakeholders are reading reports from many other departments and external sources (including firms which may be offering to outsource your department) so if you want to be taken seriously it’s important that your reports are at least as professional as theirs. An excellent book on how to write better reports is “How to make an Impact” by Jon Moon. (www.jmoon.co.uk) Jon is an accountant by training and really understands the challenges and pitfalls of presenting information. Is it time to rethink your format or style, before you go into the new financial / Audit Plan year?
Finally, whether you are responsible for an entire internal audit department, a team, or simply yourself, the summer is a good time to think about career development.
While reorganisations increasingly take place throughout the year, new company initiatives and projects are often launched to underpin new budgets, at the start of the financial year. Consequently, lobbying senior Executives to consider taking on members of the internal audit department during the summer months (e.g. in meetings as part of the annual planning exercise) can be very effective. One thing that has worked well for me is offering to provide team members on secondment or to assist on special projects where control knowledge is important. Of course this needs to be managed in terms of subsequent audit work, however the benefits can be enormous and secondments of this type often lead to permanent moves.
The better internal audit functions generally try to move people through the department and into the business over a period of three to five years. As you go back to the office after your break, are there opportunities that you could be exploiting?
Please let me know what you think. As part of my new role, I’d be happy to help where I can.
Meanwhile, I’ll be sitting on a shady terrace with a chilled glass of white wine, staring out to sea and making my own resolutions…
Enjoy the summer!
Greg Coleman is a trainer and independent consultant who helps companies identify and understand their business risks; design and implement pragmatic mitigation strategies; and ensure that the resulting approach to risk management is effective.
He has spent over 20 years, based in both the UK and US, working in a variety of governance and audit roles across a number of multinational organisations in the financial services, pharmaceutical, engineering and Fast Moving Consumer Goods industries.
 Attributed to Carl W. Buehner