We are increasingly asked by many CFOs and Internal Audit (IA) Leaders alike about what makes the “ideal” candidate to lead the Internal Audit function. Many of the preconceived answers focus on technical skills and regulatory awareness. Clearly, these two characteristics are important and their absence will become apparent after a short time on the job.
But let’s stop here and ask an easy question. Is lack of technical skills the primary reason many IA Leaders fail completely, or more commonly, fail to excel within their organizations?
Nor is it a plethora of touchy, feely soft skills that forge a successful IA leader. We haven’t seen many people succeed in Internal Audit by being in “touch with their inner child” or layering syrupy sweet “empathy” on everyone in the office.
The reason why many IA Leaders frustrate their Audit Committees, CFOs and themselves is failing to understand what they really do for a living and how this fits in with the rest of the universe.
Contrary to most consultants who have never had the pleasure (and its opposite) of sitting at the helm of Internal Audit at a publically traded company, we at Granite happen to know..cough..cough..a few people who have.
So with this, we present five ways that many destroy their career. Many of these points cannot be neatly classified as either technical or soft skills; rather they are mixtures of the two in different ratios and different shades. Sort of like life itself, where things are never clear cut and not easily classified.
We don’t know where we’re going, but wow, are we getting there fast!
Internal Audit Planning is the most overlooked part of an IA Leader’s job. So many leaders are focused on “getting things done” that they fail to realize that getting the wrong things done is more harmful than doing nothing at all.
Its spectacular to watch how little thought and effort goes into many IA plans. Planning is the strategic part of the job and it demands foresight, critical thinking and sheer brain power. So many IA planning processes consist solely of the IA leader scurrying from one executive office to another, playing the role of some sort of pseudo Sigmund Freud by asking the overused and nauseating question, “What keeps you up at night” or a variation thereof.
There are far more effective ways to put together an IA plan.
If the IA plan is sound, you know that you are auditing the right things. Your focus can largely shift toward execution. If your plan is a “he said, she said”, type of process that does not cover the major risks to the organization, then even perfect execution is meaningless. You have failed from the get go.
Loving what you do too much or…It’s all about me!
Every function within a company thinks they are doing the work of the Almighty. Marketing people believe the company’s brand does not exist without them, Operations believes that they are the only function that is required and Financial people believe bankruptcy would occur instantaneously without them.
The same is true for many Internal Audit Leaders. They tend to believe processes and controls are the company rather than a part of the company. Over controlling and layering in unnecessary process requirements is not the hallmark of a well run company.
In addition, we have seen many an IA Leader decimate their credibility by always having the same answers to every business problem; more process, more control, more documentation. Such an approach exposes the IA Leader as one dimensional, narrow minded and not very helpful to the Audit Committee, Senior Management and the Operating units.
To solidify our understanding of this point lets use the analogy of the human body. Each function within a company is like a major organ; the kidney, heart, brain, etc. Each is responsible for a major function that keeps the company “alive.” IA Leaders mistakenly see themselves as a major organ.
This is incorrect.
IA is more like the blood or the nerves that connect major organs and body parts together and allow them to work in harmony. Good governance, processes and controls communicate information throughout the company and allow the various company functions to work together as a system rather than as separate organs.
Good governance, processes and controls compliment the major functions of a company and do not replace them. They are a means to an end and not an end in themselves.
Disrespecting the Audit Committee
A common fallacy in the business world is that more information is always better. Many IA Leaders have not avoided this trap.
The Audit Committee is typically a group of senior executives with busy schedules. They are looking to the IA Leader to provide them with expert advice on governance, risk and controls. Instead of an insightful, concise and relevant presentation on the current state of affairs in these areas, we have many Audit Committees receiving reams of paper. Amongst this tsunami of data are full internal audit reports, detailed risk assessments and day by day work schedules.
So what are we saying to the Audit Committee by giving this amount of data? Well a number of things:
- I have no insight, here is the data you figure it out
- I do not have any confidence in my ability to interpret data and identify what is important and what is not, hence I am providing everything in the hopes of avoiding any blame
- I am unable to manage the day to day affairs of my function and need your detailed supervision and input
Many would challenge us at this point by saying, “But the Audit Committee wants this information!” or “They requested it!”
Our response to this is that they likely requested the data out of frustration and/or because they were not receiving the results they expected. IA Leaders will not gain the respect of the Audit Committee if they continually demote themselves to a clerk like status by simply gathering data and expecting the Audit Committee to provide the analysis and insight.
Of course the same is true when reporting to Senior Management…..Tune in next week for Part 2 of our discussion.
Have a great week,
Michael Bechara, CPA
Granite Consulting Group Inc.