Five Classic Myths About Internal Auditing
Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession.
Myths can tell us a lot about ourselves — or at the least, about how others see the world. But at times it seems that the most inaccurate myths are the most difficult to dispel, particularly if there is a grain of truth buried at the origins of the myth.
The modern internal audit profession has been around for less than 100 years. Yet it is amazing how many myths and misperceptions have evolved about the profession in such a relatively short period of time. And while each of the following myths is generally untrue, the fact that these myths are so enduring might be an indicator that each of us needs to take stock of how we are perceived in our own organizations. Do we do things to reinforce these myths? Or, do we need to do a better job of creating awareness of how the profession has changed? You be the judge.
Internal auditors are accountants by training.
One of the most common misperceptions about internal auditing is that the auditors are all “bean counters” who focus solely on their companies’ financial records. There is an obvious grain of truth in this internal audit myth: A solid audit or accounting background can be helpful for a career in internal audit. But internal auditors commonly address fraud risks, compliance issues, and a myriad of operational issues that are unrelated to accounting, and the auditors’ backgrounds are likely to be as diverse as the operations they audit. An accounting degree is not the only path for career success, and these days it’s not even the most common path: A recent survey by The IIA’s Audit Executive Center indicates that audit executives are now recruiting job applicants with analytical/critical thinking ability, data mining skills, business acumen, and IT skills more often than they seek applicants with accounting training.
Auditors are nit-pickers and fault-finders.
At the heart of several jokes about internal auditors is the misperception that we are dead set on picking apart processes and ruining the reputations of the people who do the “real work.” According to the myth, the auditors are viewed as the group who “bayonets the wounded after the battle is over,” distracting management from more important responsibilities.
In reality, of course, internal audit’s focus is on major risks rather than on nit-picking details. Audit resources are limited, and when auditors focus too much attention on minor issues, they are limiting the time available for addressing the major risks and controls that are at the heart of internal audit. Any auditor would rather report on a $6 million cost savings than on a $6 error!
It’s best not to tell the auditors anything unless they specifically ask.
This myth can be actively damaging, so it is unfortunate the advice has made its way into more than one “How to Survive an Audit” article. Audit clients are sometimes given this advice by well-meaning friends, but it results in less efficient audits and wastes everyone’s time. If auditors believe their clients are purposefully hiding information, whether by omission or commission, they normally will increase the scope of the audit to determine whether other important information has gone unreported. The purpose of internal auditing is to add value and improve an organization’s operations, and hiding information is against everyone’s best interests.
Internal auditors follow a cycle in selecting their audit “targets” and use standard checklists so they can audit the same things the same way each time.
This myth is less true with each passing year. Our professional standards require risk-based plans to determine our priorities, both in developing audit plans and schedules and in planning individual audits. Obviously some risks justify repeat audits on a regular basis, and there are some types of audits — for example, certain compliance reviews required by regulators — where audit programs and checklists are unlikely to see major changes from year to year. But in general, internal auditing has become a dynamic profession that can change any time an organization’s risks change.
Internal audit is the corporate “police function.”
As Lord Justice Topes once said, “The auditor is a watchdog and not a bloodhound.” In my experience, the best auditors are almost always those who create a rapport with audit customers. When an auditor’s behavior is accusing or aggressive, they are far more likely to be met with resistance than when they treat findings as an opportunity to help accomplish objectives and facilitate improvement. Breaking down this stereotype is so important that most internal audit groups actively encourage clients to think of internal audit as a coach, not a cop.
Each of these myths was closer to reality in the 20th century than today. It’s easy to think of a few specific examples where an action that reinforces these stereotypes might be justified — but unfortunately, there are too many cases in which auditors are needlessly perpetuating the myths. Are any of the classic myths true about you or your internal audit group? If so, it might be time to take a good look at what you are trying to accomplish and how you plan to reach your goals.
Changing perceptions takes time, and it often requires the combined effort of many individuals to break down a stereotype. Our profession's image is rapidly improving, but more work is needed to enhance our stakeholders’ understanding of the profession. Each of us can help to re-shape these myths and misperceptions, whether through small steps such as passing pertinent news information along to clients, or through larger contributions like sharing audit knowledge at a seminar or conference.
Each audit group is unique, and your perspective on these audit myths might be different from mine. Has your internal audit department recently made changes in any of the areas discussed above? If so, please let us know how it worked for you.
Posted on Jun 20, 2012 by Richard Chambers
Share This Article: