Latest questions:
Trending questions:
Hot questions:
Making Audit part of the solution
- What strategies are you using in the Audit function to become part of the solution for changing behavior within your organization? Versus being the solely responsible for flagging problems?
6 answers
Few things that can stop process leaks and avoid flags during the audit -
1) Training and Communication of the processes to the team.
I think each member of the team has to have an exact knowledge of the process and tools. It has seen with lack of communication or knowledge, a lot of gaps do occur.
2) Templating your process / less human more tools
I think it is a good idea if the processes can be templatized and verified against the audit rules automatically. With changing the behavior of organizations, this is little tedious to do but good technology tools (like JIRA one that comes in my mind ) etc can help you in that.
3) Strong internal audits
Internal audits are must and should be conducted at a regular time.
These all seem old practices, but basics are always the best.
Audits by their very nature create angst/stress in an organization with auditors bent upon finding deficiencies in internal processes and process owners hoping they find perfection. The reality is that audits are opportunities for feedback and improvement and this needs to be the attitude that is communicated by leadership. It also needs to be how the organization accepts the feedback and embraces identified opportunities to improve.
Most corporate organizations aim for a slim setup, means a low headcount. This philosophy is related to Edwards Deming and his understanding that the whole organization is one big system. Such a holistic approach requires that Audit not limits itself to identify the problems and deliver a short guidance how to solve them, but furthermore they have actively accompany the other functions in the problem solving process.
Yes in many cases, internal auditors identify problems but do not either (a) take care to mention mitigating factors if any {that is left for the management to explain later} or (b) use their expertise to go the extra mile to recommend ways to improve the situation and thus raise business performance.
Further, I've seen numerous cases where the initial draft of reports (and in some cases even the finally issued report) are worded in an inflammatory way. The principle there should be - If there is no value in informing senior management that there was an issue, then there is no need to detail it—except, perhaps, to say that “additional issues were identified during the audit that were immediately corrected by management”
And then-auditors spend ample time in the field and their key findings sometimes consist of issues management already knew about? Does that work add value unless the management had hidden it and not reported to their bosses? Wouldn’t it make more sense to partner with management to ensure all of your invested time and effort are adding value?
I'd want internal auditors to play the role of a strategic business advisor apart from the traditional roles. i.e. sit with the business managers say once in a quarter and chat about changes within organisation, relevant external changes that are happening and that might happen. If the new changes are considered as 'an emerging threat', the auditors can help business managers do a real time risk assessment and can share with them common findings derived through audits and best practices that can make them better risk managers.
Auditors can also research industry best practices and identify best practices to share within the organization. At least one audit department can develop a database of best practices appropriate for their organization from these sources. and thus become a knowledge centre for the organization.