Not surprisingly, I have heard some interesting things during the international conference. In particular, a lot of people have been trying to come to grips with what it is internal audit’s customers want.
(Who are those customers? Interestingly, so far, I have not heard too much discussion on this subject. It seems to be a foregone conclusion who those customers are - foregone to everyone but me. Using my powers of mindreading and reading between the lines, I am making the supposition that those customers are either executive management or the audit committee. I have not seen a whole lot about [I have not seen anything about] our customers being regulators or line personnel or even the company’s own customers. But that is actually fodder for a conversation for another day. And this has turned into a sidetrack that is turning into an all day excursion.)
So far today, I have heard the following thoughts on what our customers want: Insights into operations, solutions, help achieving objectives, reviews that relate to the stakeholders. (This last leads to the perplexing question, what is the difference between a stakeholder and a customer? But I will stop that sidetrack before it, like the previous one, veers into a different county.)
It’s a nice little list, but does it even come close to getting to the crux of the question. Let’s look at in comparison to some of the session that were held today: Model Risk Management, Measuring the Ethical Environment of Your Organization, How to Add Value, Auditing Cloud Computing, Personal Development, Independence, Audit Committee Relationships, COSO, FCPA Compliance.
Just a smattering of the topics discussed today. My question – is there a disconnect between the previous list of what we say our customers want and the sessions that are being held? I quickly add that I do not mean that the subjects of the presentations are misguided in any way. Rather, I think it shows the robust approach to the conference – the desire to provide a broad span of interesting topics and emerging issues that are true to the experience of today’s internal auditor.
No, I’m wondering if we may have been doing the right audit work based on our own intuitive understanding of what our customer want, rather than are articulated understanding. Let’s compare the described expectations with the sessions I listed. Some of these quickly align to the customer desires we have discussed. Insight into operations, solutions, helping achieving objectives, etc. are easily evidenced in sessions like risk management, evaluating ethical environments, and auditing cloud computing.
But, as we look at the other titles, we begin to realize they either do not fit so snugly into the customer expectations that have been defined or stretch to an impossible length to match those definitions. “How to Add Value” – Isn’t this more than just “insight to operations”? “Personal Development” – Isn’t this the building block of professionalism that stretches our understanding of what it means to provide “solutions”? “COSO” – Can a framework for control and risk be limited to something like “helping achieve objectives”?
Again, I am not picking on the attempts to understand what our customers want (with the sidetrack on defining our customers being noted.) And I am not questioning what has, so far, been an excellent selection of topics for discussion.
No, I’m trying to make the point that, generally, when we articulate our customer’s needs, we fall short. And maybe that is the one minor failing to this conference - where is the session that talks about who our customers are, and what they want?
(And, then again, I haven’t looked too closely. Maybe that is coming up tomorrow.)