Whose Risk Is It, Anyway? When Management Says ‘No’ to Internal Audit

Posted on May 28, 2014

One of the most frustrating events in my career was one of the first times an internal audit client firmly and repeatedly said “no” to one of my recommendations. It was an important point and I tried to explain my reasoning. Management agreed with the finding, but believed corrective action would be too time consuming and resource intensive. My supervisor also supported me, and we believed the risks of not implementing corrective action would be very high for the enterprise. But neither of us could persuade management to implement the recommendation or even find an acceptable alternative course of action.

continue reading...

Walking a Tightrope: When Stakeholder Expectations Don't Align

Posted on May 20, 2014

One of the features that makes internal auditing so valuable to modern enterprises is that we serve multiple stakeholders, including the board, various levels of management, and even external auditors and regulators. One of the challenges is that these stakeholder groups often have very different expectations of us, and very different perspectives on how we add value.

continue reading...

For Internal Auditors, Awareness Begins at Home

Posted on May 12, 2014

Most of us in internal audit leadership roles naturally assume that board members and management fully understand our capabilities and appreciate the value that internal audit can deliver. But do they really understand? And if they don’t, whose fault is that?

continue reading...

Should We Try to Keep Everyone in Line?

Posted on May 6, 2014

A surprising number of internal audit recommendations spring from these “Who’s on first?” quandaries. That’s one of the reasons we spend so much time preparing flowcharts and narratives aimed at delineating responsibilities. Duplication of effort is almost always viewed as inefficient, and gaps are generally viewed as risky. 

continue reading...