You often see those photographs about various subjects with the titles what x or y thinks I do. The whole point of these is to be funny, but the humour comes not just from the fact that different groups have different objective perceptions of the item being described, but also because each one, though an extreme interpretation, has enough truth in it to be recognisable. So I thought it might make sense to pick up on the different perceptions of internal audit.
So here goes:
- What my Dad thinks I do. When I explained internal audit to him, he summarised it as, “you basically go around, have a bo-peep at what others do and write about it”. “Erm yep, I suppose” was my reply.
- What my Mum thinks I do. My Mum has worked in a public sector environment, so has experienced audits of various types. I suspect she thinks it is about processes and ticking more than it really is.
- What my friends think I do – Drink coffee and do very little I suspect. Perhaps bean count? Tick through financial transactions?
- What my finance colleagues think I do – Probably check the money, tick through transactions, verify cash and look at financial controls.
- What senior management think I do – Well this depends on the scale and level of their enlightenment. For the best management teams I have worked for, I guess be their eyes and ears, protect them from unmanaged risk, be a nuisance (at times) push hard for improvements, provide a source of unbiased advice, perhaps be risk averse on occasion. For those less enlightened managers – worry about things that will never happen, be unrealistic about resources available, demand unattainable control, cause a nuisance in collaboration with the non-executive audit committee.
- For the audit committee – Sort of like external audit but write longer reports.
- For the general public – Not a clue “Opposite of external audit?”
- For customers – “Internal what?”
- For regulators – Provide 100% assurance and protection of their interests.
- For the board, or owners – “Not sure – don’t they help out management rather than protect our interests?”
- What I think I do – Protect owners and boards through my review and oversight of good governance; protect and support senior management through oversight of good risk management and control. For junior management, stand full square with them to tackle the same jointly shared risk profiles through challenge, advice and support. For the customers and beneficiaries of the business – support the better and more efficient delivery of benefit through constant challenge to improve the achievement of objectives.
- And finally – what I actually do – Try to manage a host of competing interests, high demands, within a small resource envelope whilst trying to bring a team on from a purely compliance and financial auditing methodology to a genuinely risk based audit (and this I think applies across the whole profession).
Don’t ever feel sorry for us CAEs, however. We have the most interesting organisational jobs, working with some of the brightest and best, at the top of the organisation and in our teams, making a real difference to our organisation’s owners’, senior managers’, junior managers’ and beneficiaries’ lives. We can look at anything of interest, we are not bound in an organisational or professional silo and can create the world as it should be.
I genuinely cannot see why anyone would not want to be an internal auditor! Can you?