Video & Slides: http://www.proformative.com/events/seven-deadly-sins-internal-audit
Do you know how to avoid the major pitfalls that can derail an internal audit function? Too many internal audit departments are held back by focusing on things that don't matter instead of what really counts. In the face of growing regulatory pressure for public and private companies, to become more transparent and disclose material information, the internal audit team will need to elevate their position within the business. Learn how to help and collaborate with your department on how to avoid these traps and make them an advantage in your business.
1. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals
The Seven Deadly Sins
of Internal Audit
Michael Bechara, CPA, CRMA, Managing
Director, Granite Consulting Group Inc.
3. • Understand and refocus on issues of critical concern to your
management and audit committee
• Learn how to avoid losing credibility within your company
• Discover on how having an internal audit team is seen as a
strategic asset to the business
4. Ask, Share, Learn – Within the Largest Community of Corporate Finance Professionals
The Seven Deadly Sins
of Internal Audit
Michael Bechara, CPA, CRMA, Managing
Director, Granite Consulting Group Inc.
6. What Makes an Internal Auditor Effective?
Technical Skills
“Soft” or
People Skills
Value & Fit
Accounting Skills
Industry Knowledge
Regulatory Awareness
Financial Acumen
Managing Employees
Professional Image
Your Boss Likes You
Understanding the value of Internal Audit and how
this fits in with the organization
7. What Does Value & Fit Mean?
Value
Fit
Understanding of Risk
Recognize costs & benefits
Ability to absorb
information quickly
Realizing problems have
many solutions
Translating knowledge into
business solutions
Gaining the confidence of
others
9. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
13. 1. Ineffective Planning
Case Study #1 – Risk assessment is forced upon IA
• Large multi-national implemented a rotational internal audit
schedule for operating units
• Every unit was to be audited once every three years
• Became hard to explain why many resources were dedicated to
auditing the “best run” units while problem units had to wait their
turn
• Senior Management and the Audit Committee became frustrated
and the audit plan was constantly interrupted and reordered based
on everyone’s evolving definition of risk
• Lesson = you end up auditing by risk anyway
14. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
15. 2. Being Self Centered
•
•
Forbes Insights Global Survey of Executives and Audit Committees
Only 44% of respondents believe that Internal Audit is helping their
organization achieve its business objectives…
…and fewer — 37% — say they involve Internal Audit in key business
decisions and strategy
16. 2. Being Self Centered
What is Needed
• Risk & Control Experts
Wanted!
• Senior Management &
the Board Value good
opinions
• Help run the business do
not give utopian answers
What Do I Need To
Know To Help?
Understand:
• Organization’s objectives
• Macroeconomic and
industry risks
Make sure:
• Your solutions support
the organization’s
objectives
Evaluate:
• The cost vs. benefits of
proposed solutions
Specifically
Open mind:
• Controls and
documentation are
great tools
• Have their limitations
Logical/pragmatic:
• Understand your role
as an advisor and
facilitator
• There are many ways
to solve internal audit
issues
18. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
19. 3. Losing the Truth
The Problem
Beware of…
Key Actions
We deal with complex issues that have many facets to them
What may seem like a serious issue can turn out to be trivial and what
may seem trivial may turn out to be very serious
The facts are revealed slowly and in pieces
Solidifying your position and refusing to reconsider based on new facts
Do not become married to positions that are unsupported by facts
This problem usually appears in Audit Reports
Audit issues have a way of transforming from the workpaper to the final
audit report
You are allowed and you should change your mind when new facts are
brought to light
Manage emotions of your team and management
You will gain respect and prestige by aligning yourself with the facts
Holding on to an outdated position will open you to the charge that “you
are just there to find something!”
20. 3. Losing the Truth
Case Study #3 – The Auditor is the Last to Know
• An operating unit of a major aerospace company releases an accounting
reserve causing a significant rise in net income
• The auditor asks the Controller for the justification for the release of the
reserve
• The Controller responds that he has none
• The issue is documented in the audit report
• Later the Unit President calls and details many meetings and discussions
and full support
• The auditor refuses to change his position and keeps referencing the
Controller’s comments
21. 3. Losing the Truth
Original Audit Report – Support for Reserves
Condition:
Management reserves were released without discussion, reasoning
and/or documentation. Specifically, a management reserve that was
released for submarine program (00084) in the amount of $1,052,779.
Management was not able to explain the logic, assumptions or reasoning
behind this release.
Risk:
Unexplained/unsupported adjustments to profitability have been made
that may create a misstatement in the financials.
Agreed Action:
Documentation supporting the logic, assumptions and calculations for all
management reserves will be discussed, documented and maintained.
22. 3. Losing the Truth
Original Audit Report – Support for Reserves
Revised Audit Report – Support for Reserves
Condition:
Support for releasing management reserves is not maintained with the
accounting data and the Controller is not involved in the discussion regarding
the release of reserves. Specifically, a management reserve was released for
submarine program (00084) in the amount of $1,052,779 without the input
of the Controller.
Risk:
The appropriate accounting treatments may not be applied resulting in a
misstatement to the financials.
Agreed Action:
The Controller will be involved in all discussions regarding releasing reserves
and will advise as to the appropriate accounting treatment based on the facts
and circumstances of the program.
23. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
26. 4. Ineffective Communication
The Temptation
These days data is cheap and readily available
Understand what is important to your audience
Not what data but what concerns
Communicate in business terms not in auditor speak
How Is this Done?
Consolidate issues from audits into common
themes
1. Get to the point or the “newspaper headline” 3. Back up your thesis with selected data
2. Develop a thesis for why this condition exists 4. Have the main body of data available
30. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
31. 5. Failing Political Science
Politics is a process by which groups of people make
decisions. The term is generally applied to behavior
within civil governments, but politics has been
observed in all human group interactions, including
corporate, academic and religious institutions.
It consists of "social relations involving authority or
power" and refers to the regulation of a political
unit, and to the methods and tactics used to
formulate and apply policy
32. 5. Failing Political Science
Why Should
We Care?
Success
Requires…
Anyone who deals with improvement needs to understand
the decision making process
We need to be sure the decisions that are made will “stick”
Solutions will be implemented far more quickly if you know
where to go
Ignore conventional wisdom i.e. the CEO is the top decision
maker
Open our eyes and observe the decision making process
Follow the decision even after its made
Key Point
Understanding the politics of your organization allows you to
formulate workable solutions to business issues that will get
implemented.
35. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective
Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
36. 6. Failing to Negotiate
Why Do We Have To Negotiate?
Negotiation is a BIG part our job
We deal with business problems
− Typically more than one solution
We are the experts but we have to take into account the views of others
Richard Chambers, President & CEO of the IIA
“It starts with relationships … with senior management, company leaders
and the audit committee. This is a service function, and you do have
clients. You do not subordinate your judgment, but you do serve.
37. 6. Failing to Negotiate
We Need To Be Flexible But Still Maintain Our Integrity
Moderation in business is a skill that is acquired through
experience
Knowing when to stand like a rock and knowing when to
compromise requires a vast database of prior experiences
Like a stalk of wheat
If you are too stiff, you will be broken and too soft you will
trampled on
38. 6. Failing to Negotiate
Tips
Focus on the end goal and not
how to get there
− The end rather than the
means
Make sure you understand the
other position
Make the other side work
− Demand suggestions!
Career Development
− Develop an understanding of
what has significant impact
Traps
Compromising on the wrong
issue
Bringing an external audit
mentality to internal audit
Never developing the ability to
distinguish between critical and
non critical issues
40. The Seven Sins
Threats to Value and Fit
1. Ineffective Planning
2. Being Self Centered
3. Losing the Truth
4. Ineffective
Communication
5. Failing Political Science
6. Inability to Negotiate
7. Destroying Credibility
41. 7. Destroying Your Credibility
• Credibility is Internal Audit’s biggest
asset
• If credibility is lost, we have nothing
• Our entire profession is based on
“Independent Assessments”
• If these assessments cannot be
believed then they are worthless
42. 7. Destroying Your Credibility
Ways to Destroy Your Credibility
Acting on initial feelings
Listening to people that try to feed you information or “inside
data”
Forming an opinion on data that you or your team have not
independently verified
Sharing this unverified data with others (Even worse!)
Relying on reputations, forecasts and preliminary opinions
43. 7. Destroying Your Credibility
Ways to Build Your Credibility
Make judgments and voice opinions based on actual audit
testing and documentation
Do not be swayed by, or act on, rumor or “inside information”
Do not discuss the audit results except with those who must
know
Not depending on past performance during audits
Only presenting issues that you have personally reviewed
44. 7. Destroying Your Credibility
Case Study #7 – He said, she said but there was nothing
• At a company gathering, many operating unit heads made
negative remarks about Unit A
• The Head of IA was taken aside many times and told that he must
“do something” about Unit A
• Threats were made about the competency of the Head of IA if he
did not act
• No hard evidence was presented
• Fortunately the Head of IA did not react and during later audits
the Unit was found to be very well controlled
46. Back to Value and Fit
Value & Fit
To be successful we need to understand how we provide
value and how this fits in with the organization
A solid base of technical skills and regulatory knowledge
is a basic requirement
This Means…
The ability to translate this knowledge into effective
and pragmatic solutions that others will buy into
Having the credibility and integrity to deliver this to
the organization
The Result
What separates the executives from managers