Making Audit part of the solution

  • What strategies are you using in the Audit function to become part of the solution for changing behavior within your organization? Versus being the solely responsible for flagging problems?
Audit Committee
Culture Change
Financial Services
Regulatory Documentation
Maria Lachapelle
49 months ago

6 answers


Few things that can stop process leaks and avoid flags during the audit - 
1) Training and Communication of the processes to the team. 
 I think each member of the team has to have an exact knowledge of the process and tools. It has seen with lack of communication or knowledge, a lot of gaps do occur. 

2) Templating your process / less human more tools
 I think it is a good idea if the processes can be templatized and verified against the audit rules automatically. With changing the behavior of organizations, this is little tedious to do but good technology tools (like JIRA one that comes in my mind ) etc can help you in that. 

3) Strong internal audits
 Internal audits are must and should be conducted at a regular time. 

These all seem old practices, but basics are always the best. 

Hitesh Mathpal
49 months ago
I agree to "less human more tools" and to have effective templates, so that the other job functions understand the findings and they way it got identified. The human side can then be better invested to "sell the finding" and explain its impact on the company. With higher empathy, personal conflicts can be avoided. - Patrick 49 months ago

Plan the audit and prepare both a checklist and a schedule. Share the plan with the team to involve everyone. Perform the audit and summarize the results. The tone of writing is important as audit usually deliver with bad news. Follow with the findings.

Paolo Beffagnotti
49 months ago

Audits by their very nature create angst/stress in an organization with auditors bent upon finding deficiencies in internal processes and process owners hoping they find perfection. The reality is that audits are opportunities for feedback and improvement and this needs to be the attitude that is communicated by leadership. It also needs to be how the organization accepts the feedback and embraces identified opportunities to improve.

John Kaestle
49 months ago
Agreed - Dr. David E. 36 months ago

Most corporate organizations aim for a slim setup, means a low headcount. This philosophy is related to Edwards Deming and his understanding that the whole organization is one big system. Such a holistic approach requires that Audit not limits itself to identify the problems and deliver a short guidance how to solve them, but furthermore they have actively accompany the other functions in the problem solving process.

Patrick Henz
49 months ago

 Yes in many cases, internal auditors identify problems but do not either (a) take care to mention mitigating factors if any {that is left for the management to explain later} or (b) use their expertise to go the extra mile to recommend ways to improve the situation and thus raise business performance.
Further, I've seen numerous cases where the initial draft of reports (and in some cases even the finally issued report) are worded in an inflammatory way. The principle there should be - If there is no value in informing senior management that there was an issue, then there is no need to detail it—except, perhaps, to say that “additional issues were identified during the audit that were immediately corrected by management”
And then-auditors spend ample time in the field and their key findings sometimes consist of issues management already knew about? Does that work add value unless the management had hidden it and not reported to their bosses? Wouldn’t it make more sense to partner with management to ensure all of your invested time and effort are adding value?

I'd want internal auditors to play the role of a strategic business advisor apart from the traditional roles. i.e. sit with the business managers say once in a quarter and chat about changes within organisation, relevant external changes that are happening and that might happen. If the new changes are considered as 'an emerging threat', the auditors can help business managers do a real time risk assessment and can share with them common findings derived through audits and best practices that can make them better risk managers. 

Auditors can also research industry best practices and identify best practices to share within the organization. At least one audit department can develop a database of best practices appropriate for their organization from these sources. and thus become a knowledge centre for the organization. 

Raju Venkataraman
49 months ago

One thing I have done is to come into the process sooner and offer best practice by identifying other contacts within the company to help support the 'auditees'.

Cynthia Watson
48 months ago

Have some input?