How Many Auditors Did It Take Last Year?

Richard Chambers, CIA, CGAP, CCSA, shares his personal reflections and insights on the internal audit profession.

When I hear jokes about internal auditors, usually I can just laugh and blow it off. After all, there are plenty of jokes about doctors and lawyers and pointy-headed bosses, so why shouldn’t jokes be told about us? I attend quite a few audit conferences, and I’m used to the occasional joke about how internal auditors are heartless, or how we have dry personalities, or even how (dare I say it?) we "get in the way" when people are trying to do “productive” work. Once in a while, though, a joke strikes a little too close to home. 

I was at a conference in Canada last week, and a speaker asked, “How many internal auditors does it take to screw in a light bulb?” The answer: “It depends. How many did it take last year?”
At first I laughed. A moment or two later, the joke made me pause and reflect — so much so that I completely missed whatever the speaker said next. I’ll never know what point the speaker was trying to make. But when they tell jokes about us that sting a little too much, there may be a perception problem that we need to address.
Do people see internal auditors as not being risk-focused? Are we such creatures of habit that we perform the same audits, with the same level of resources, and make the same recommendations year after year, regardless of the actual risks? Absolutely not! At least, not as far as I’m concerned. Yet, the joke still resonates.
I know that risk is at the heart of what we do. Our International Standards for the Professional Practice of Internal Auditing require not only annual risk assessments, but risk assessments at the beginning of each and every audit. From there, we develop objectives and frame the scope of the audit based on the risks. Businesses change, industries change, procedures change — so, in theory, audits change. Why would we be viewed as automatically doing the same thing we did last year? Are our risk assessments too cursory? Are we relying too much on last year’s workpapers to address this year’s risks? Do we ask the same questions each year without stopping to find out what is really keeping management up at night?
When the people we work with make a joke about auditors, after we laugh, maybe we should look for the hidden kernel of truth that makes the joke funny — or not so funny. 

Posted on Oct 3, 2011 by Richard Chambers

Share This Article:    

  1. Well said, Richard. Its OK for us to tell jokes about ourselves, because in the telling we are making it clear that what is portrayed is not OK.

    By the way, internal auditors don't screw in lightbulbs. We simply point out the deficiencies and let management fix them.


    Ha-ha-ha-ha-ha. I like this one…
    "The auditors have just left, sir.""Did they check the books?""Very thoroughly.""What did they say?""They want 15% to keep quiet."


  1. One reason for the misperception of internal auditors could be the lack of communicating how audits are performed and how value is created. I have often seen IA mission statements including something about creating value. However, the "customer" quite often does not realize this value creation - maybe because of inefficient or lack of communication. 

  1.  I have noted that most people outside of internal audit don't know the difference between internal audit and EXternal audit.  The joke in the article applies more to external audit in that the focus of an external audit is the representations of the financial statements.  This is a rather finite and limited scope of what goes on in a company and therefore is more prone to being done 'exactly like last year'.  After all, you are reviewing for the same set of financial statements, only the numbers change from year to year.  (ok, a bit oversimplified, but you get the point).

    Internal audit should be different than that, if it is not, then what is the point of INTERNAL audit?  Internal audit looks at the business process (is this a good line of work for our company, is this a good contract, are the details of contracts being followed?)  Also, controls are reviewed in far more detail than external auditors would care to look at.  Internal audit cares that the controls work as intended and whether or not additional controls need to be in place.  This is an entirely different focus than verifying that internal controls exist such that we can rely on the financial statements in all material respects.

  1. They say many a true things are said in jest.  Despite all the focus on being risk, we as a profession still sweat the small stuff.  We have to do a better job in getting rid of the perception.

  1.  I defnitely agree with Richard Sieben's comment also with Thomas Boegballe- Yes, we need to explain the "why we do" aspect of auditing. Let us not be seen as 'watchdogs' but rather as Process & Control Checkers who assist management in mitigating risks.

  1. Joke : 1. Audit Committe asked to Auditor - " Two and Two makes...what ?" Auditor Said, " During our audit, we observed that two and two makes four." Audit Committee asked again, " Are you sure?" Auditor said, " Noting has come to our notice that two and two makes five..!"

Leave a Reply