The Inevitable Challenge of Mending Broken Fences

Richard Chambers, CIA, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. 

 

Anyone who has spent much time as an internal auditor has inevitably generated audit results that created friction or tension with those whose areas of responsibility were audited. Sometimes, even the most professionally executed internal audit with the most constructively written report can land with a huge thud. The results of our reports often are used as the basis for evaluating management performance. Unfavorable results have been known to cost executives a bonus, a promotion, or even their job. Adverse audits can damage relationships. Call it a “broken fence.”

It is practically impossible to avoid occasionally breaking fences in our line of work. It is a hazard of the trade, so to speak. But no internal auditor can function effectively if surrounded by broken fences. A successful internal auditor learns, over time, the fine art of fence repair.

How do you mend the broken fences? My first piece of advice is to work tirelessly to avoid breaking them in the first place. Anticipate potential consequences of audits and try and mitigate the damage before it happens. For example, discourage the use of internal audit report ratings or results for punitive purposes. As I have observed previously in this blog, also avoid the use of inflammatory words and phrases. Strive continuously to ensure the tone of the report does not foster lingering animosity on the part of management.

It goes without saying that you must make sure your report is valid. And if it points out that the officials who are responsible made mistakes, make sure it also accentuates the things that were done well. I always included a “management accomplishments” section in every audit report. If it was an audit report with particularly damaging audit findings, I usually put a little extra effort into calling out pertinent accomplishments.

Avoid assigning blame to individuals by name or title, but rather speak to systemic failures and control weaknesses, without pointing fingers.

That said, you’re going to run into the situation, if you’re in this business long enough, where fences break. No matter how congenial you might be as an internal auditor, if you are doing your job correctly, there will be an occasion where, in order to call it like it is, you are going to have to say something that will create hard feelings or damage relationships on the other side.

If a fence is broken, you should seriously consider a fence-mending mission. Here are five strategies I have used to mend damaged relationships as a result of an audit:

  1. I engaged in a frank and open discussion with the offended party or parties. I asked them to share with me their candid feelings about the accuracy/fairness of the reports and what they believe internal audit could have done differently/better. These sessions can become contentious, so check your ego at the door.
     
  2. I have used a customer satisfaction mechanism that solicits feedback from all audit clients. The ability to vent without a face-to-face confrontation can be therapeutic where someone has been offended.
     
  3. I have admitted mistakes and owned up to opportunities for improvement on internal audit’s part, if mistakes were made.
     
  4. I have tried to demonstrate genuine empathy when engaging with someone who felt wronged. If an internal audit report cost someone their bonus, I put myself in that person’s shoes when talking to him or her about our relationship going forward.
     
  5. I have learned that mending fences can take time. If management feels that trust has been breached, or we have done them wrong, it will take time for them to recognize that our work is balanced and objective. So, be patient.

Why should we care if fences have been broken? Well, internal auditors have to “live where we eat.” What will tend to happen, once a fence is broken, is that the managers in that area won’t want you to audit them again. Every audit after that will start with a contentious relationship. Internal auditors cannot be effective in the long run if they are surrounded by broken fences.

Are you good at mending fences? Have I oversimplified a complex issue? What has worked for you? Share your best practices.

Posted on Aug 19, 2013 by Richard Chambers

Share This Article:    

  1. Excellent article Richard. This is one of those articles that a lot of us should live and breathe by. ERM in this case means Enterprise Relationship Management. If an internal auditor and his or her staff cannot learn this concept, the internal audit function will not be effective.
  1. Thanks a lot Richard, as auditors i believe we are either breaking or mending fencing everyday. Like you said we need to commit ourselves to mending which i believe is easier said than done, but we have to, for our work's sake. However sometimes in our reports its required of us to spell it out as it is,in some cases we just cant avoid pointing fingers.Our reports ought to add value by communicating the truth about weaknesses and strengths in the control system so i am afraid that if we resign to nicely worded reports we may fail in this responsibility. Avoiding to burn bridges will not always mean that fences will not be broken,its a hazard in our work like you said. Thanks for the tips you mentioned. I always put effort to discus my report with the client first before passing it on . This way i make him/her aware of my findings and it gives them the chance to ask questions and say how they feel about it on a face to face basis and i can explain my reasons and so forth. This helps to keep communication lines open which is vital for future engagements. We must remain relevant by adding value.
  1.  Will it be better to exclude the investigation activities from Internal Audit purview?  Some organizations, like ours, entrust the investigations in Internal Audit.  It has many positives and also many negativity to it.  What is your view?

  1. Thanks Mr. Chambers for the article and timing. As you mentioned, we always took extra caution in our report when communicating negative news, but again, as you said, sometime our profession require us to call what it is, the key is not to surprise anybody, especially if it is bad news. Thanks for the tip, it's intuitive, but very helpful to point it out loud!

  1. Richard....

    I thought your article is the most difficult and most important role internal auditors have to continually work at.  As a CAE for 17+ years with one company, if i do not continue to work on people, people, people and the relationships that go with it we would not be effective.  We just had our 6th IIA QA  Review done last week and the client survey feedback and the report provide us a barometer of where we have broken fences and where we need to focus on mending relationships.  Thank you for bringing this subject to the forefront.   

     

Leave a Reply