What Would It Take to Make You More Assertive?

Richard Chambers, CIA, CGAP, CCSA, shares his personal reflections and insights on the internal audit profession.

This week I am attending the Asian Confederation of Institutes of Internal Auditors (ACIIA) Conference in Sydney, Australia. It is always exciting and richly rewarding to participate in conferences that are as professionally organized and thought-provoking as this event. By combining the Southern Pacific and Asia Conference (SOPAC) with the annual ACIIA conference, IIA–Australia has managed to attract almost 1,000 professionals to this year’s event.

During this morning’s opening keynote address, a series of questions were posted on an overhead screen and attendees were invited to “text in” their responses. The results of the responses to one question in particular have caused me to reflect on an undercurrent that seems to be in place following the recent corporate failures and the resulting global financial crisis.

The question was simple: “As an in-house internal auditor, would you be more assertive if you were not hired and funded by management?” The results were quite revealing. Sixty-three percent of those who responded said “yes.” The question did not factor in the potential role of an audit committee in mitigating the risks of potential retaliation by management against the internal auditor. However, the results were further evidence of a concern that many internal auditors feel about their ability to “call it like it is.”

As I noted in a recent blog, “independence” is an organizational attribute while “objectivity” is a personal attribute. I am becoming increasingly troubled by the indication that some of our colleagues are insinuating their objectivity may be impaired by their reporting relationships to management. I would be interested in your views.
 

Posted on May 10, 2010 by Richard Chambers

Share This Article:    

  Comments (9) un-categorized
  1. Comment by: Harish Kumar   (5/10/10 01:47 PM)   

    Difference in the attribute on "independence" is viewed as organizational standard vs, "professional objectivity" as personal creates an opportunity for arbitrage and hedging activity in financial services industry for executive compensation. This has caused a great deal of problem in case of Bear Stearns scandal and congressional hearing on "price transparency" issue on CDO type of derivative transactions. External audit firm did not think that internal audit should audit risk management at the first place. Senior management uses internal audit when it sees fits or how it sees fit mean resource allocation to internal audit is not just budget allocation issue but qualitative support for internal audit in terms of total access to records and personnel for internal audit activity end up being ignored. Internal audit personnel could abuse their power and privilege by taking relaxed approach and let external audit perform all complex and difficult to understand transactions for internal auditors. In other words, external audit wants it that way so that internal audit can just be a puppet in the hands of senior management and external auditors. It does not drive high standards of professionalism in internal audit under generally accepted risk principles. Let alone, generally accepted auditing standards under AICPA also. 

  1. Comment by: Renee Jaenicke   (5/10/10 08:15 PM)   

    I have worked both as an in-house and an outsourced internal auditor and can tell you that, Audit Committee or not, I felt more inpendent as a consultant.  That being said, I believe it depends on the CAE and the tone at the top.

  1. Comment by: Rajesh Mehta   (5/11/10 12:45 AM)   

    I agree with Renee, assertiveness depends on what top management support is available to internal audit function and also how the CAE is assertive

  1. Comment by: Michael Brozzetti   (5/11/10 02:43 AM)   http://www.boundlessllc.com

    My view is that objectivity can be impaired by reporting relationships to management. I do not know many Internal Auditors who want to "call it like it is," when they know that exposing significant problems may jeopardize their job and financial security. This management reporting relationship undermines the authority of the Internal Auditor. Authority can be further undermined when management is in the "C-Suite" and the senior most Internal Auditor carries a title that is subordinate to the "C" level pay grade, such as Director or Vice President. I recently selected a judgmental sample of 100 U.S. Corporations, and noted that less than 15% of senior most Internal Auditors had the word "Chief" in the position title. While this is not a scientific study it does suggest that the majority of U.S. Corporations do not view Internal Auditors as professionals deserving of a seat at the table.

  1. Comment by: Tim Hediger   (5/11/10 09:09 AM)   http://trhediger.wordpress.com

     I think Mr. Chambers' insinuation is correct - and should be very concerning.  I believe, as practitioners, we are receiving more and more pressure to modify our important and pertinent findings.  This situation is particularly acute when there is little organizational independence of the Internal Audit Department.

    Simply put, we are in a position of weakness because internal auditors are employees of the organization - not akin to external auditors at all.  To second Mr. Brozzetti's point, Management generally does not believe in the risk mitigation power of their Internal Audit Department's findings - they view IA as a threat.  These are structural weaknesses that Internal Auditors must bear. 

    Unfortunately, at the end of the day, money talks and...well...you get the idea.  

     

  1. Comment by: Alice Mariano   (5/11/10 10:47 AM)   

    The profession has certainly grown and organizations of varying size now have an Internal Audit shop.  Expectations of Internal Auditors at the most highly recognized companies are probably more aligned with what we aspire to do as a profession.  Some organization may have just checked a box saying that they have an Internal Audit department.  For the check the box functions... why is there a box to check, who is requiring it (e.g., rating agencies) and what are the people requiring it doing to make sure it is a valid and real function?  I would suggest that maybe there is a maturity model of Internal Audit at an organization and that some may never become a fully mature function because it is not expected or wanted by the organizations leadership.  Management has expectations and they may or may not align with the expectations we hold ourselves to.  They have some excellent audit shops out there.  Most of us probably want to be a part of one of these excellent shops but are not at an organization who fully recognizes the value of Internal Audit.  I would be curious to see how people view objectivity based on the size and type of organization.    

  1. Comment by: Anonymous   (5/11/10 11:14 AM)   

    New to the internal audit profession, I embraced with enthusiasm all IIA material on objectivity and courage; religiously following techniques provided by IIA resources to tactfully and intelligently focus on material issues to the company.    I discovered what I believe to be a very material issue in the public company I worked for, and attempted, with courage and integrity, to explain my concern to management and provide recommendations to address this issue.  However, I was let go by my own IA management, who demanded that I release a clear audit report on the day they let me go, with no explanation or rationale.  Since then I have not felt supported by own audit community, and have not yet been able to find a job.  While the IIA community encourages courage, I feel they are silent on the ugly reality of what can happen when courage is not met favourably by management.  There is no support or guidance in this situation.  Based on my experience, I ask, "what would motivate an internal auditor to be courageous, when there is so much to loose?"

  1. Comment by: David Tate, Esq.   (5/12/10 10:40 AM)   http://davidtate.us

     

    It is not likely that it will become standard for the CAE to become a position that is hired and fired by the board or the audit committee any time soon, unless (1) an influential, well-organized group or professional organization really pushes for it, or (2) there is a large, organized grassroots effort.
     
    But, do you mean to tell me that internal auditors can feel lack of support, and pressure to conform? Doesn’t your audit committee assist the board’s oversight of the company’s internal audit function, risk management and internal controls, meet separately with the CAE, and report regularly to the board re the performance of internal audit and important issues that arise. See, e.g., NYSE Listed Company Manual section 303A.07. And, doesn’t your audit committee conduct exit interviews of the CAE?
     
    Regards,
    David Tate, Esq. (San Francisco)
    http://davidtate.us
    tateatty@yahoo.com
  1. Comment by: Deb   (5/13/10 02:24 AM)   http://sites.google.com/site/debashisgupta/

    Last things first, in response to Mr. Tate: the answers are (a) Yes, (b) No & (c) No, and that's the ugly truth.  While I can understand Mr. Tate's reference to a US-specific regulation, the context had been laid down very clearly in Mr. Chambers original post, which related to deliberations at an Asian forum.  My feeling is that many of the governance structures are in place in many Asian companies only for name's sake or, as Ms. Mariano points out rightly, a checkbox item only.

    And the keyword is - Asia!  From personal experience and allegorical evidence, I've a feeling that the dynamics relating to internal audit may be totally different in Asia as compared to, say, US.  This may in part be explained by the primacy of 'family' holding in businesses (and, in many parts, for want of a better word, the 'feudal' mindset prevailing - you only have to look as far as Satyam in India if you really want to come to terms with that!).

    Mr. Brozzetti hits the nail straight on the head with his (admittedly non-scientific) finding that "the majority of U.S. Corporations do not view Internal Auditors as professionals deserving of a seat at the table"!  Incidentally, responding to my remark on one of his recent blog posts, Mr. Hediger has rightly indicated that the seat at the table can hardly be 'earned'.

    The bottomline is that while IIA puts an onerous responsibility on us to look into controls, risk and governance (perhaps in that order, depending on organisational maturity?), most of us CAEs are not even facilitated to look at real risks e.g. for many of us evaluating the strategy risk is simply an area 'out of bounds'.

    I think most of us would identify with the sentiment expressed by Ms. Mariano that "Most of us probably want to be a part of one of these excellent shops but are not at an organization who fully recognizes the value of Internal Audit."

Leave a Reply