CIA Recruitment

A new focus for Audit International and our clients is ESG. But there is one thing all of us are perhaps not considering as much : ESG’s impact on the workplace.

Environmental, Social, and Governance (ESG) factors are changing how companies conduct business in many ways, including:

– New ESG or climate-related disclosure regulations to comply with, especially in Europe.
– The need to effectively identify and manage ESG risks (including compliance, financial, and reputational risks), and integrate them within the existing enterprise risk management framework.
– Bringing a host of environmental and social metrics at par with financial information, especially with regards to data quality. There is a growing need for investor-grade ESG data.
– Ensuring that ESG factors give you a competitive edge in attracting investors, customers, and talent.

But there’s another change brought by ESG that’s not getting enough attention: The effects on workplace interactions.

– Firms that ‘get ESG right’ understand that ESG isn’t the responsibility of only one person. You can’t simply appoint a Vice-President or Director of ESG, or just place ESG under the Chief Financial Officer or Chief Sustainability Officer.

– Also, different departments can no longer work in their own little world with occasional collaborative efforts across functions. The important changes brought by ESG will also bring fundamental changes to the workplace.

The ESG team :
ESG is a team sport. People from different departments will have to work together as part of a single team.

You may be in Finance, Legal, Risk, HR, EHS, Sustainability, Operations, IT, or Procurement, but now, in addition to your regular teams and colleagues, you will also be part of the ESG team.

And your company’s ESG team will play a critical role because strong ESG performance drives corporate performance.

This represents a significant shift because suddenly key employees will have to align with a new set of stakeholders. They will have to work together with colleagues they might not have worked with before, or even knew. Here’s a sample of the types of interactions to expect:

EHS will have to provide key metrics to Finance for combined financial and ESG (or non-financial) reports.
EHS will also have to show to Finance and auditors (internal or external) how they provide limited or reasonable assurance on the data.
Procurement will seek guidance from EHS and the Sustainability team on how to capture greenhouse gas emissions data to calculate Scope 3 emissions.
HR will be asked to provide more tangible metrics on DEIB to Finance for inclusion in the combined financial/ESG report.
Did you bring together key stakeholders across departments as part of your ESG strategy?

Have you recruited members of your ESG team yet? If this is a topic you are actively hiring for, then please get in touch with us here at Audit International to assist you with any hiring needs you may have.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Our journey discussing the benefits of auditing organizational culture is coming to an end. Audit International began this series by introducing initial cultural auditing concepts in the first article. Then, in the second article, we continued by more closely examining the first half of the top ten tips that were outlined. In this, the final article of the series, we wrap up with the second half of that list and conclude our analysis.

Auditing culture-
Auditing culture requires involving a wide range of stakeholders and will require you to consider alignment of the desired culture to the actual activities of many people. As we have seen, the leadership in the organizations and the people within the business are clearly very important. To get a true sense of culture you will also need to consider organizational partners and outside service suppliers.

If culture is the way things are done more informally, then this impacts everything in your entire organization’s wider sphere. In this context, procurement may be an important stakeholder to engage with in any cultural audit to better understand their selection methodologies, allowing you to form a view, for example, on how they consider cultural fit in the selection of any third-party suppliers. It also goes beyond the selection of suppliers to how we treat them once they are in place. Does the organization treat them fairly, or is the focus on cost at the expense of other, more important matters?

Ensure that you consider both design and operating effectiveness –
Auditing work should be examining both design and operating effectiveness. Cultural reviews are no different but have the tendency to focus on design at the cost of operating effectiveness. As with all audit work, you would typically begin with a risk and control assessment which can be developed in line with the cultural levers you have identified. Typically, an auditor would then request documents, allowing some desktop analysis ahead of the interviews. Interviews with management can focus on whether they understand the desired culture and can clearly articulate this, while also identifying which levers they see as being particularly important for ensuring the culture is real and lived on the front line. Interviews should also probe the extent to which management role model the desired culture every day and ensure their teams’ activities are in line with the culture.

However, understanding operating effectiveness requires a wider approach and talking to a wider range of employees. Focus groups or surveys can be effective to gather data from employees and may provide more diverse views. If focus groups are operated, they will require additional skill, with the lead needing to manage the group so that a fair range of positive and negative views are heard.

Despite the limitations of cultural measures these too should be requested for each of the levers to understand the extent to which the organization has cultural measures and whether the results are acted upon. Measures that you may wish to consider typically involve people management activity, such as employee turnover, exit interview data, grievances raised by employees, whistleblowing information, and absence data. Other areas should also be explored, such as customer complaints data. However, collecting these may present a challenge. If culture is important in the organization, then it will be available and likely reviewed. If not, there is the potential your first audit finding on the need for management to have appropriate measures in place to track whether the desired culture is being delivered in practice.

In Audit International’s experience, there is no, single best way of conducting cultural audits. Rather, you need to form a view of what is right for your organization. One aspect you will need to consider is whether you conduct specific cultural reviews in your audit plan, have it as a component in all audits that you conduct, or draw out cultural consideration into an off-plan piece of work. I’ve seen all aspects of all three of the options successfully implemented.

Don’t go for a grand plan –
It is important that you consider how you introduce cultural auditing into your program of work. It’s a sensitive topic, and management will often be wary of audit getting too involved. Your internal audit colleagues may also be nervous about whether an area like culture can, in fact, be meaningfully audited. The best advice being — don’t go for a grand plan, but rather start small, test, and learn as you go. This includes building support from the Board and executive leadership by demonstrating, as you go, the insights gained from the cultural examination you have completed and the possibilities to go further with increased resources and business buy-in to this challenging area.

This lends itself to the suggestion to start with a pilot, or a proof of concept, where you identify an area of the business to work with and look to introduce the concept of auditing culture at this point. This should be an area where you know you have a senior auditee who is an advocate of internal audit and willing to work with you to make the pilot a success. Audit International have found that success breeds more success and considerable momentum can be delivered in this manner. Early on, it is also good to share examples of your work and the value it is bringing. I call this the “test, share, and impress approach.”

Collaborate with your business colleagues –
It is also very important to work with the business. The tip here being: Collaborate with your business colleagues – independence is a mindset. Audit International have spent time with many auditors who have been reluctant to collaborate in any deep manner with the business, citing the audit charter and the need for full independence from first-and-second-line activity. We agree, our independence as internal auditors is very important. We need to be objective in all we do to avoid threatening this. However, Audit International don’t believe independence means that we cannot work closely with the business where it makes sense to do so.

One such area, for example, is the identification of the cultural levers discussed earlier – an organization-wide conversation on this is helpful in building appropriate understanding and support for the examination you wish to conduct. Also important is the identification and quick access to relevant data for your cultural work, both at an organization-wide level, but also in divisional units of your business. There is likely to be shared interest in this area, particularly with your HR function. Given this shared interest, it makes sense for all those interested in cultural understanding to come together to share ideas and data for the benefit of the business. For example, this may mean developing a shared data area that all can access. Identify across your business who is interested in this space and join with them to share, learn, and progress.

Upskill all auditors at all levels –
Finally, ensure that the program of work you want to introduce is a sustainable approach to auditing culture. Find a way to get your people behind this approach. At heart, we are a people business and any push to audit this challenging area on a sustainable and systematic basis will depend on the skills and knowledge of your teams.

This leads to the final tip to upskill all auditors at all levels. As we identified earlier, your impact is likely to be much higher if your teams integrate consideration of cultural levers and impacts throughout your audit work and not just in any standalone audit you may do. Understanding the nuances of culture is not simply reserved for HR and psychologists but is a core competency for all auditors. This should be reflected in the recruitment and development approach for your team.

This is likely to mean that if you are going to make cultural assessment a core part of your internal audit work you will need to provide training to the audit team. This will need to cover the organizational cultural levers that you have identified, the data that can help you understand these levers, and the interviewing techniques that will need to be employed to get to actual, as well as espoused, culture. Be honest with yourself and acknowledge where you don’t have the skills that are needed. You will likely need to draw on other sources of expertise, including business and external consultancy support. These can allow you to supplement both the capacity and capability of your team.

And, of course, think carefully about how you organize to deliver this challenging area of work. Our current view is that a multidisciplinary (sometimes called Hybrid) approach is most successful. This is all about how you set up your operating model to deliver your cultural audit work. Some larger functions have established dedicated, well-resourced teams to examine culture in their organization and have staffed this with a blend of expertise, including behavioral psychologists. This group of specialists work alongside and coach front-line auditors who are then encouraged to consider cultural levers in all their audit work as we discussed earlier. Clearly, this is more relevant for larger organizations, but even in smaller functions, you may choose to appoint a cultural lead (or champion) with the responsibility to support and drive the integration of cultural aspects into all your audit work.

Conclusion –
There is no silver bullet for the successful development and implementation of a cultural audit program. Hopefully, the tips that Audit International provided throughout this series of articles will be a useful catalyst for your work in this space as you consider the conditions needed for you to achieve momentum around the idea of auditing culture in your organization.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International now bring you the second part in this three part series – Having introduced the initial concepts of what is involved with auditing organizational culture in the first article of this three-part series, we now can begin the process of drilling down and more closely examining the first five of the top ten tips to conduct a culture audit.

Identify your cultural levers:
The first step to successfully conducting a cultural audit is to identify the daily management activities that occur throughout the organization – your cultural levers. These levers look to align the culture we desire with the day-to-day activities of everyone in the organization. If we understand what leaders focus on to deliver this alignment, then we have a starting point for identifying what to test to provide our opinion on the effectiveness of culture.

Cultural levers often vary from organization to organization, so you need to work with management to identify what is influencing behavior within your specific organization. However, there are areas that I would expect to see. Published value statements are significant and an indication of what should be happening. Leadership is also significant, not just at the top but cascading throughout the organization at all levels. In this context, the organization’s approach to people management is vital with the impact this has on encouraging the behaviors that are needed for success. However, culture goes much deeper and is present in the management of other resources, including areas such as customer engagement, complaints handling, supplier management, corporate responsibility, risk management structures and profile, and internal and external communication.

This may appear daunting, but a well-organized approach to assessing each lever can quickly identify areas that are not truly aligned with the espoused values; a clear indicator that desired culture is not operating as expected.

The next four tips examine these cultural levers more closely to illustrate what they mean and to help inform you about the questions you might want to consider testing in order to arrive at an opinion on the organization’s culture.

Reputation:
Employees watch what leaders and key individuals in organizations do and how they operate. They see the dissonance between what the organization is saying, both in its external and internal communication, and their lived experience of working there. Assessing whether there is alignment is a key aspect of any audit of culture. This is even more important given the increased focus over recent times on aspects of corporate and social responsibility and the push for Environmental, Social, and Governance (ESG) activity from investors. Acquisitions of ‘greenwashing’ in your communications can be hugely damaging. This means that it is important to pay attention to external reputation and its alignment with internal messaging and should be considered across all social media.

Leadership:
The third tip is all about the examination of leadership’s role in owning and managing the culture in the organization. In internal audit, we need to examine whether this is occurring both at design and operational effectiveness levels. We are there to check that the activities of leaders are aligned with the espoused values and are supporting the delivery of the business strategy. In our audit work we should be looking for a consistency of message and actual managerial behavior. Leaders play a pivotal role in managing the business such that there is consistency across activities and that they work toward delivering the required culture for success. To do this practically, we need to build audit programs that look for evidence of areas such as misalignment in leadership actions and customer-centric examples that manifest in the practical activities of front-line colleagues. Leadership should be able to clearly demonstrate actions that they have conducted that help move the organization closer to accurately living the culture and evidence-measurement activity that supports this.

In this context, during an audit, I would expect leaders to be able to articulate how they ensure the culture is embedded through their team’s day-to-day activities, including examples of how they role model the culture in their own activities and interactions. Interviews will form a significant part of assessing these. However, data analytics can also be used to examine areas such as communications from leaders over a period of time looking for references to culture.

Simply put, what you are looking to establish here is whether the fine words on a page have a living connection with reality and link through to a real impact on the delivery of the organization’s strategy.

People management:
This leads us to the next cultural lever – people management. The key here, as with all aspects of cultural audit, is alignment. Across the entire employee lifecycle the behaviors we need to exhibit for the business to be a success need to be front and center. This starts with the employment brand, which should signal to potential recruits what the organization’s values are and includes the testing of new recruits against this. Objectives need to be set not only about what is needed to be delivered in terms of financial results, for example, but also how these results will be achieved.

Performance management needs to be expertly conducted to explore the colleague’s contribution to delivering organizational success in the way we want it delivered. This should be a continual process and include ongoing dialogue, not just an annual form-filling event. Promotion decisions should clearly consider this aspect and signal to all colleagues how behaving in the right way counts for personal success.

In developing your audit program, you need to consider all aspects of the employee lifecycle: attraction, reward, management, development, and exiting colleagues. In reviewing all these aspects, you need to be cognizant as to where the controls are operated. In most organizations, while the Human Resources function is likely to have a key role in the design of many of the practices mentioned, the management of the risk and operation of the controls largely sits within the business units of the organization. That is the place you need to be testing reality, not just within the HR function.

Identify key processes and assess alignment:
Next, we move on to two heavily connected cultural levers: process and change. When reviewing your organization, a key step is to identify the processes that are critical to the management of the organization’s culture. From this, you can review whether their operation is consistent with the outlined culture. In this case, we mean the culture promoted not only to your employees but outside your organization through your brand and external image to customers and other important stakeholders.
Employees, in their scanning of the organizational environment, will spot processes that do not sit well with declared ideal behaviors and values, where potentially the organization is looking to put short-term gain before longer-term goals. If these exist, it sends a huge signal to customers and colleagues that leadership does not really mean what they say. Included in these key processes are likely to be many of the internal processes around people and supplier management, but, most significantly, processes around how you deal with customers and how you respond to their feedback and complaints.

Alongside this, consideration needs to be given to how the organization’s change programs identify how changes they are looking to enact to systems and processes promote the desired culture. Change programs are a key touch point where the organization can ensure that the culture is being reflected in operating practices. However, they can also be a point of risk. Delivering efficiencies, while at the same time undermining the desired culture, can create problems that are hugely difficult to unpack.

Next up, in the third and final installment of this article series, Audit International finish identifying and discussing the remaining top ten tips to audit culture and conclude the journey that set out to help you deliver cultural insights within your organization. We hope you’ll stick with us.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

At Audit International, we understand auditing organizational culture is a challenging area for internal audit. Culture is dynamic, and regularly changing. Successful auditing of culture requires a holistic approach across the internal audit function covering the development of internal auditor skills, adjustment to audit methodology, and buy-in from the business regarding the value insightful culture auditing can bring.

In this first article of a three-part series, Audit International examine and discuss the various factors for successfully auditing and influencing culture in your organization.

What is organizational culture, and why does it matter?
Before looking at how you audit culture, it’s necessary to first have a good understanding of what you mean by culture and why it’s important to organizational success.

The classic definition is around the phrase coined by Charles Handy, “the way things are done around here”. While helpful for us to gain insights into auditing culture, we need to unpack this further. Culture is about the interaction between values and behaviors and how these are seen in the organization’s activities and interactions with the range of stakeholders it has (e.g., employees, customers, suppliers, and society).

Top ten tips:
Given the fact that you are reading this article, hopefully you are already convinced that internal audit has a role to play within the organization when it comes to assessing culture. You may already be on this journey delivering cultural insights through your work to your Board, or you may simply be interested in learning more about how to begin this journey. Whichever stage you find yourself, the following top 10 tips will provide you with some initial and practical thoughts that provide a view on culture and the direction needed to influence both management and the Board.
1 – Identify your cultural levers
2- Reputation, Identify whether the organizations actions and messaging, internal and external, are aligned
3- Leadership, Do they own and manage the culture?
4- People Management, Is desired culture integrated into people-management activities?
5- Identify key processes and access alignment.
6- Auditing culture, is this holistic approach being considered by a wide range of stakeholders?
7- Be sure that you consider both design and operating effectiveness.
8- Don’t go for a grand plan.
9- Collaborate with your business colleagues, independence is a mindset.
10- Upskill all auditors at all levels.

In the coming second and third articles of this three-part series on auditing culture, Audit International will take a closer look and provide a more in-depth examination of each of these suggested ten tips. These follow-up articles will offer examples and provide opportunities to more successfully audit and influence the culture at your organization.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

With one in five people pledging to pursue career goals and ambitions in their New Year Resolutions, Audit International have researched career experts advice on achieving these in 2023.

New Year, new (career) you! More than 20% of people toasted the start of 2023 with some form of New Year’s resolution and one in five of those pledged to pursue new career goals.
But with January now over, many of those good intentions may have already fallen by the wayside. If that sounds familiar, you’re not alone. In fact, people will typically ditch their ‘New Year New Me’ resolutions by the second week in January.

If that strikes a chord, don’t despair. Audit International has taken some insights from careers experts on their top tips on getting your career back on track.

Re-evaluate your current career choices :
For those with an established job, or who have taken time out of work to start and raise a family, it can be daunting to consider a new industry or completely change career path. However, it’s never too late to take your role in a different direction or re-enter education.

“If you’re looking to change careers in 2023, it’s important to evaluate your previous experience up until now. Consider which parts of your current or past job roles have brought you the most satisfaction or fulfilment, as this can help guide your new career path,”.

Adopt a continuous learning mindset :
Passing all of your exams is an amazing achievement, but that’s when the real learning starts. “Don’t assume you know everything now. Listen and ask questions and make notes and look things up. Every day is a school day!”

Work on your soft skills :
To get ahead in your career it’s also important that you develop soft skills that complement your technical prowess. “As part of your role, you will be expected to provide advice to clients and companies on any number of specific issues they may be experiencing, so developing strong soft skills including clear and concise communication, empathy, and the ability to make decisions to help resolve conflict will be key to your continued success.”

Develop a killer network:
Natural networking is everything. LinkedIn bombing everyone you think might be useful to you is annoying and will rarely achieve anything. Show an interest in everyone you meet and connect in a more genuine way. Try not to just focus on people you think are ‘important’.

Be authentic :
As an accountant, you are well-organised, a skilled number-cruncher and have a keen eye for detail. But as your career progresses and you become a team leader, you will need to focus more on management and people skills. If you get promoted to a management role without any formal training, it can be easy to act like the type of manager you’ve seen in the past. “People buy people, so be yourself, not the manager you think you should be”.

Focus on developing relationships :
Accountancy is a task-oriented job and it’s easy to get lost in the daily grind of completing tasks and hitting deadlines. But the real value you add as a manager is building relationships with staff and being an enabler and facilitator for the team. That means getting to know your colleagues on a personal level and understanding their strengths and capabilities.

Keep your eyes open for growth opportunities :
Don’t get bogged down in short-term deadlines and tasks. “These need to be done for sure, but you should also look more widely to find new areas of growth and challenges that can help you advance in your career”. That could mean studying for a qualification, taking on new responsibilities, or joining a cross-functional team. “Always look for ways to build your skills and contacts and your career will progress nicely.”

Don’t limit yourself to one area :
One of the best ways to elevate your career is by making sure you don’t limit yourself to just one part of the accountancy industry. “Gaining experience in a variety of roles – especially during the first few years of your career, as you decide the areas in which you thrive and most enjoy – will build your confidence and will provide you with essential skills that help boost your long-term career prospects”.

Connect with a mentor :
Regardless of where you are in your accountancy career, having the advice of someone more experienced than you can be invaluable. If you are unable to secure a mentor through work, it is also worth approaching people that you work with who could help you, or you could even look at joining an association that could pair you with someone.

Don’t put too much pressure on yourself :
It’s always good to be ambitious when it comes to your career and education, but avoid putting too much pressure on yourself when it comes to achieving all of your goals or training courses by the end of 2023. “Comparing yourself to others or putting pressure on yourself can lead to you feeling overwhelmed or burnt out. Take as much time as you need and find flexible options that work for you, especially if there are other important childcare or work commitments to take into consideration.”

Be ready to flex. Having a long-term career plan is great. However, things change and you will get frustrated if you can’t adapt or sometimes go with the flow.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

There is currently a misalignment in the world of Internal Audit. As Richard Chambers and AuditBoard’s 2023 Focus on the Future Report reveals, there are key areas where significant gaps exist between risk levels and planned efforts. The ability to attract and retain top talent, macroeconomic factors and geopolitical uncertainty, and business model disruptions due to the evolving risk landscape were all listed as top concerns for major organizations, yet only 13-20% of businesses have meaningful plans to devote substantial resources to these issues. Internal audit teams need to be ready to identify and address this kind of disconnect to ensure that their organizations are positioned for success in 2023. In this article, Audit International will identify three top internal audit trends, the challenges they present, and how internal audit teams can leverage software solutions to deploy team resources strategically against the most pressing concerns — setting themselves, and their business, up for success.

Trend 1: Velocity of Risk and Technology Change
Teams must continually provide assurance while adapting to evolving risks, digital disruption, and regulatory changes. Today we’re seeing significant contributions from the digital revolution, climate change, and stakeholder expectations, as the speed of decisions, the amount of connectivity, and the availability of data have all increased. Companies are learning that they have to balance pressures regarding what’s coming from governments, investors, and society as a whole. Stakeholders expect companies to act legally and with a conscience, and regulators are focusing on things like climate change, data privacy, and security.

Challenges in this area hit in numerous ways. First, there is an expanded purview required from emerging technologies and related risks. Second, there are repeated shifts to audit scope that put new burdens on teams. Third, there is an increased depth and breadth of data that brings along associated issues — including data reliability, related required team efforts, and resource constraints.

Technology can help audit teams develop solutions for these issues. Audit planning software accelerates risk and change responses from teams. With this preparation, teams can create risk-based audit plans with risk metadata to allow for efficient execution and continuous assurance.

Trend 2: Growing Internal Audit Talent Gap
Staff shortages, changing attitudes towards work, and a pre-existing skills gap are increasing talent risk and influencing how internal audit teams approach their work. Many teams are reporting that they are losing talent and struggling to replace them. Meanwhile, for the remaining team members, expectations are growing. They want to do more, and we need to keep them engaged. We have to support the folks that we have and give them opportunities to work in cybersecurity, sustainability, and other areas of interest.

The challenges created by the talent gap are as expected. Due to greater cost-cutting and efficiency demands often put in place by organizational leadership, teams are being asked to do more with less as headcount may be frozen or cut. There are the aforementioned difficulties retaining people and improving their skills, plus there are increasing specialization and training needs for team members.

A technology solution in this area is software with resource planning capabilities. This can help teams manage, optimize and retain talent by deploying resources more strategically, and it allows teams to improve individual and overall skills, efficiency, and experiences.

Trend 3: Align With the Business Objectives
The highly competitive corporate landscape and economic disruptions are driving the internal audit profession to refocus efforts on improved strategic alignment. Richard Chambers speaks often about auditors needing to become agents of change. When contemplating initiatives like cybersecurity, diversity, equity, inclusion, and third-party risk management, executive teams and audit committees all want better strategic alignment from internal audit teams. Internal audit must understand and embrace stakeholder needs and challenges so that we can better support their strategic initiatives.

The challenge for internal audit teams in this area is aligning audit with business priorities, which isn’t always as simple as that might seem. Plus, there is an increased requirement to validate internal audit resources. We have to start thinking in new ways, provide more value propositions, and be able to deliver more in less time.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Let’s face it. Even here at Audit International, we understand Internal audit still suffers from some rather negative stereotypes. There are plenty of companies or units where internal auditors are not welcomed with open arms. Audit clients may view internal audit with suspicion, expecting a “gotcha” mentality or may feel like they are under surveillance.

Sure, it’s often undeserved and some of it comes with the territory, but we may even be perpetuating such negative views with the words we use. Words and phrases that internal auditors consider just a normal part of the profession’s vocabulary may actually be words that trigger negative reactions in our audit clients. And often, internal auditors don’t realize they are contributing to the hostility by using them.

Words matter and good internal auditors choose them carefully. But auditors are also as prone to using professional jargon as anyone. These are words that have become so commonplace that we might not think too much about what they really mean, especially to others. We all use them. Yet, how they might be interpreted may not be how we intended. So, what can we do about it?

Here are seven words that we should consider their meanings more closely and either use them more carefully or strike them from our vocabulary completely.

1. “Finding”
Most internal auditors call what we consider reportable (in writing and verbally) a “finding.” Think about that for a moment, though. It’s not as if the vast majority of our audit observations were hiding or lurking in some hard-to-discover, dark and foreboding place, and it took our best Indiana Jones skills to unearth them. Lo and behold, ah ha! We have a “finding.” The word relates a context of sleuthing and uncovering things that were hidden, perhaps intentionally.

So put yourself in the shoes of your audit clients. We come along and have all these “findings,” as if they weren’t doing their jobs and it took us to find these gems of reportable conditions. Worse yet, we are often reporting as “findings” what audit clients told us directly. How would you feel if someone walked through your house and told you at the end of their visit that they found the carpets needed vacuuming, the furniture needed to be dusted, and relayed a few other of their insufficient housekeeping “findings.” You’d likely be inclined to never invite them back.

Try using the words “observations,” “conclusions,” or “conditions,” rather than “findings.” You may find they work better in your organization. Audit clients will feel less like they are being accused of hiding information or that they didn’t see something that the auditors later uncovered.

2. “Weakness”
When we observe an issue, we also sometimes couch that issue by using another troubling word, “weakness.” We may not be able to avoid calling breakdowns in internal controls, as they relate to SOX-like work, “control weaknesses” if the controls are not working as they should (or at all). But we should avoid calling observations outside of controls “weaknesses,” if possible.

Think about it. You go into the manager’s office during an audit, and you say, “excuse me, if you have a few minutes I’d like to go over a few weaknesses that have come to our attention during our review of your area.” Expect immediate defensiveness. We might as well be criticizing their first-born by pointing out weaknesses in how the child looks or plays with others. The word connotes physical ineptitude and can strike a visceral blow to any manager’s ego.

Like weaknesses, “deficiencies” isn’t any better for all the same reasons. So, perhaps, try “opportunities,” or “matters for attention,” rather than “weaknesses.” Even “challenges” or “difficulties” will garner a better response from audit clients.

3. “Material”
While the term “material” has been part of auditing language forever and, although tough to really quantify, is an important and meaningful word. I mean, if it’s not material why look at it or consider it at all? We also have the SOX-related nomenclature of “material weaknesses” (which people want to avoid as best as possible). Look, if you tell someone something is “material” and it truly is agreed that it is “material,” that’s a big deal.

Yet when we tell someone who is the owner of something that we want to talk with them about a matter that is “material,” what would be the natural reaction of the person on the receiving end of that word? Disbelief, denial, and outright defensiveness are natural human reactions when told something is “material,” in a bad way, which affects them or their responsibilities. Think about being in the doctor’s office because you have not been feeling well. After a bit of consultation and tests, the doctor comes in the room and tells you that there is something “material” to discuss. You are likely to act with disbelief, denial, and defensiveness, naturally. The word conveys an urgency we might not intend. Do we really want our clients to react that way, now or in the future?

Note that “material” has an important legal context. The Securities and Exchange Commission defines “materiality” as anything a reasonable investor would deem relevant to their decisions about whether and how to invest. While it’s important to use this word carefully in this legal context, it’s also easy to adopt the word and use it outside this context, which can result in misusing it. Another problem with “material” is that it implies that everything else isn’t important or that other aspects of an audit client’s work are meaningless, which is not a great sentiment to convey.

So, perhaps, when you don’t really have to use the word “material” (or “significant” for that matter) in consultation or in writing, maybe consider some different language. Hey, there’s something important I want to run by you when you have a moment, and maybe we can write about the top matters for attention without calling them “material” (unless, of course, we must).

4. “Disclosed” or “Uncovered”

Like the word “finding,” the word “disclosed” (or the word “uncovered’) has a similar connotation. It’s as if the issue was hiding and no one knew about it or would ever find it without you, and your brilliance—the internal audit superhero with x-ray vision. OK, sometimes things were truly hidden, unintentionally or, worse yet, purposefully, and we did use our internal audit superpowers to uncover it and then we get to puff our chest and—cue music here—disclose it. But, come on, that’s rare.

Yet, we use the terminology all the time. For example, resulting from of our testing, it was disclosed that blah, blah, blah. Or, based on our review of the area, it was uncovered that yada, yada, yada. Now, if you’ve got sneaky and underhanded clients, who are going around hiding stuff from you that you truly uncovered and want to disclose to the world, then fine. But most clients don’t do that, and you want to collaborate with them in the future.

Imagine how you’d feel if the external team you hired to do your Quality Assurance Review (QAR) started telling everyone, verbally and in writing, what their work (and only their work) disclosed and uncovered in your internal audit department? How would you react to that? “Disclosed” implies that something was formerly a secret and now you are airing the dirty laundry out for the world to see.

So, maybe we need to back off the “disclosed” and “uncovered” language, at least a bit. Options might include, “along with management, we identified …,” “taking full stock of the evidence, it can be concluded that …,” “testing demonstrated that …,” or similar language. Just don’t use “revealed” instead. That’s just as bad.

5. “Entrance” and “Exit”
OK, you may need to bear with me a bit on this one.

We’re going to start an audit project, and our first meeting with the client is called, in many companies, an “entrance meeting.” Then, when we’ve concluded all our fieldwork, what do we call the last meeting with the client to wrap things up and ride off into the sunset to work on the audit report for weeks on end? The “exit meeting.” They are decent terms, descriptive of exactly what they are … our entrance (ugh, the auditors are here) and our exit (yes, they are leaving, let’s party).

Let me ask you this, though. Is this audit, the one you are doing an entrance into and an exit from, the first and last time you will ever see these folks? I sure hope you have an ongoing relationship and are interacting all year long, or at least on occasion. If that’s the case, there is no entrance and there is no exit because, like the song Hotel California, you may never leave. And, if you’ve done your relationship management right, they are happy about that.

The point is that “entrance” and “exit” are old-school terms from when we did things on a cyclical basis and may or may not come back. Back then, relationship-building was less important and audits had a fixed beginning and end. So, maybe we need to stop calling them “entrance meetings” and “exit meetings,” and just call them something else that isn’t so clinical and auditor sounding. Schedule your Project Introduction Meeting at the beginning and, maybe, your Project Wrap-Up Session at the end, or something like that. And, if you are well down the path of an agile implementation, all that entrance and exit stuff becomes moot anyway.

6. “Consulting”
Back in 1999, the Institute of Internal Auditors introduced the well-accepted and globally codified definition of Internal Auditing as: “An independent, objective assurance and consulting [emphasis added] activity designed to add value…” Back then, the word “consulting” was viewed positively. And, for internal audit to be positioned to not only provide assurance, but to also be viewed as a consultant? Well, to borrow a ’90s term, that would be “da bomb!”

But, somewhere along the way, the word “consulting” came to be viewed less positively, and we’ve started to insert the word advising to soften the term. Should we blame consultants for tarnishing a good word, and making people view consultants and, in turn, consulting, negatively? Perhaps, but that’s not the point.

We all want to be advisors, and the gold standard, the place to be, the coolest accolade, would be to be trusted and be an advisor. So, in our pursuit of being that vaulted trusted advisor, let’s drop the word consulting from our vocabulary, once and for all. Look, your clients might want to “consult” with you, but hopefully you are “advising” them.

7. “Satisfactory”
Often, we as auditors don’t want to overcommit, and use words that might get us into trouble later if something is determined to be different than our work concluded. There is just so much we can evaluate and then we must draw a conclusion and move on. So, we settle on words like “satisfactory,” even if things are notably better than the word implies. From an internal audit perspective, we are hedging out bets. We don’t want to be overly flowery with praise, and just conclude something is either “satisfactory,” “needs improvement,” or “unsatisfactory.”

Put yourself on the other side of the table. Let’s say, for instance, you’ve worked hard at something, gone the extra mile, and made sure it was done exceptionally well. Then, someone comes in, looks it over, and decides that things seem “satisfactory.” Ouch, gut punch! You put in a ton of effort, expected to get an “A” grade, and the professor gives you a “C.” That’s kind of deflating.

Let’s not forget that the word “satisfactory” means acceptable or good enough, but not outstanding or great. Yes, there are reasons to fall on the crutch of concluding, placing our highest auditor grade on something, that it is “satisfactory.” But, perhaps, if we can avoid it, we take the risk, rely on our work, and conclude that something better than a measly “satisfactory.” Don’t be afraid to say if something is exceptional, great, works well, or exceeds the requirement.

The Last Word
There is a lengthy list of good reasons, justifications, and rationalizations for why we use the words we do as internal auditors. Many of them have stood the test of time. Many are in use, and still exist, because we are hearing the world through our own ears, and not our clients’.

If we stop for a minute, and consider what these words sound like and what they actually mean, and the impressions they may leave on the ears of our clients who hear them, perhaps they are not the best words to use. Perceptions are reality, and if you want to change perceptions, maybe one way to do that is to change our vocabulary. In other words, say what you mean and mean what you say.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

In 2023, organizations may face new and expanded cybersecurity and compliance mandates, which could vary from location to location and from one industry to the next. As a result, your organization may be looking to obtain a certification or will need to pass an audit for a specific set of standards or requirements.

While recognition for demonstration compliance or receiving certification is a great reason to celebrate, the process leading up to that is often time-consuming and sometimes dreaded, especially if you must undergo an audit first.

But audits don’t have to be as frustrating as they once were. With the right resources and tools, you can pass your next audit with ease. Here are five tips from Audit International to help:

Know your current program state.
Don’t wait until the audit is underway to find out where you might have gaps or weaknesses. Go ahead and assess your current compliance state so you know what you need to address before your real assessment gets underway. Consider using a cybersecurity compliance platform that automates these assessments for you and look for a platform that gives you real-time compliance scoring, so you’re never caught off-guard if something isn’t functioning as you intended or you’ve overlooked an important control or other security measures.

Document and evidence.
You can do everything correctly and score 100 on your current assessment, but if you don’t have a document repository that puts everything you need right at your fingertips in one place, or if you can’t supply all the necessary proof and evidence an auditor may want, you likely won’t get credit for what you’re doing right. Put away those binders of dusty old printouts you haven’t looked at since your last audit. Instead, use a cybersecurity management platform to track and retain all of your evidence and documentation all in one place for easy, shareable access with your auditors.

Put teamwork to work for you.
Instead of chasing down who’s responsible for which compliance requirement and trying to understand what they’re doing and how well they’re doing it, use a compliance management platform to help you automate task assignments, track progress, send alerts when those tasks are complete, and assign new tasks as they pop up. A platform like Apptega can even externally alert your auditor when your team has completed an evidence request or other necessary task.

Communicate across your organization.
One of the challenges in building a compliance culture is often that program managers speak industry lingo and not the same language that people in different roles within the organization can understand and relate to their day-to-day responsibilities. Instead of scrolling through hundreds, maybe even thousands of rows of data to find what you need for your next compliance conversation, consider using a compliance management platform that has a pre-built library of reports you can quickly draw on for your next engagement, whether that’s your C-suite, an auditor, or your tech team.

Don’t go at it alone.
While you can meet all the requirements on an audit prep checklist, the reality is when you work on a program, it’s easy to overlook issues an outside eye might catch. Before your next audit, go beyond a self-assessment and consider working with an outside compliance consultant to take a closer look at your existing program and help you seek out and address issues before your auditor finds them.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International are stating the main Risks and Actions companies are putting on their 2023 internal audit plans. The past year concentrated attention and shone a spotlight on the increasing fragility of organizations. With a complex set of risks manifesting simultaneously, audit committees are prioritizing some of the most serious implications resulting from the ongoing war in Europe and a triple squeeze of supply chain, workforce and inflation pressures.

According to data from Gartner’s 2023 Audit Plan Hot Spots report, which identifies the key risks and recommended actions for Audit to benchmark their efforts against in the coming year, 81 percent of Chief Audit Executives polled have cyberthreats on their agenda to cover in audit activities over the next 12-18 months, with an additional 13 percent tentatively planning to do so. Even in a year with a high number of varied and seemingly imminent risks facing organizations, cyberthreats remained an agenda topping item for Audit Committees and senior executives as the drivers of the risk shifted from a generalized focus on inadequate security controls to specific need to prepare for highly sophisticated state-sponsored cyberthreats and new cyber breach disclosure requirements. Even as some risks remain perennial threats, shifting drivers can change the nature of the risk and need for updated mitigation and coverage plans.

Cyberthreats, however, are not the only vulnerability an organization faces in an increasingly fragile world. In developing this year’s report, the need for Audit to support their organizations through rethinking their approach to resilience in the face of growing fragility became evident as a key theme underlying several top organizational risks. These risks are generally under-covered in audit plans for 2023, in some cases less tangible and immediate than the category of risks that have been urgently prioritized as a result of the headline events of this year.

Resilience-related risks are manifesting with real world and high-velocity consequences all the same, and Audit needs to understand the risk indicators, urgency drivers and the right questions to ask the business to ensure that rethinking resiliency is on the agenda in 2023.

Below I review three such risks and strategies for Audit on how to approach them.

Climate Degradation
Nearly six in ten CAEs have no specific plans to provide assurance over climate degradation next year. This in and of itself is a key risk indicator for most organizations, as a failure to refresh business continuity plans related to climate risks puts an organization at higher risk for a key infrastructure failure and related loss of productivity among other risks.

While CAEs generally express limited confidence in their climate coverage plans, rethinking resilience means going beyond sustainability reports and identifying vulnerable assets. Audit departments need to incorporate in their plans the inevitability of increasingly severe weather events and mitigation strategies for the loss of key infrastructure, both their own and that of key third parties, such as suppliers.

Culture
Even more challenging for Audit is culture, traditionally a key source of resilience for many organizations that now is fraying under the weight of new working models (hybrid/remote), social and political polarization and a general lack of connection felt by employees who are reporting witnessed misconduct at rates 30 percent lower than pre-pandemic.

Despite such challenges, only 16 percent of CAEs are revisiting culture in light of shifting sociopolitical expectations of their workforce, investors and the media for next year, and just 10 percent report they are highly confident in providing assurance in this area. Internal Audit needs to push the business on reassessing how employee expectations and engagement are monitored in a hybrid and remote world, while policies related to political and social issues need to be formulated now and not in real time during a crisis.

Organizational Resilience
Ultimately, rethinking resilience means covering organizational resilience as a dedicated risk that is part of the audit coverage plan. Organizational resilience, broadly defined, is an organization’s ability to withstand shocks. This is likely to become ever more important in the face of new and ongoing geopolitical tensions, which can abruptly trigger a set of interconnected but differentiated risks to manifest simultaneously. While refreshing scenario planning and mitigating against change fatigue are necessary steps in this process, building true organizational resilience requires a view into the interconnected risks facing an organization and developing resilience-related initiatives across the enterprise.

With less than half of CAEs definitely planning to cover organizational resilience next year and just 32 percent highly confident in providing assurance specifically on matters of resilience, it’s clear there is more work to do in establishing this as a top audit priority. Chief Audit Executives can regain momentum by launching activities that encourage collaborative discussions between business units on interrelated risks and reviewing plans to address change fatigue within their organizations at a time when events over the past two years have likely dramatically diminished capacity in this area.

While these resilience-related risks feel less tangible and urgent than mitigating against “clear and imminent” dangers like supply chain vulnerabilities and state-sponsored cyberthreats, they are important and increasingly acute risks in their own right. Viewing them through the lens of rethinking what it means to be a truly resilient organization can be a useful framework for starting the right conversations within the Audit Committee and formulating effective coverage in next year’s audit plans.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we understand that virtual interviews have become the go-to method of interviewing. So how do you prepare?

Lights! Camera! Action! Are you mastering virtual interviews in your job search?

According to this survey, 33% of employers have an exclusively remote interview process with 21% holding in-person interviews for the final round only.

Audit International might be being “Captain Obvious” here, with a list of the five ways to avoid sabotaging your interview:

1. COMMUNICATE YOUR CALENDAR
If you live with others, let them know when you have a scheduled interview to prevent any interruptions. Take a step further with a sign on the door, locking the door to prevent people from barging in and closing windows to prevent outside noise.

2. FIND A NEUTRAL BACKDROP
Create a distraction-free environment. Test the audio and video to ensure sound is clear, lighting is strong, and the laptop is the right height. In addition, consider purchasing a ring light that attaches to your laptop for optimal lighting. Best to use a natural background rather than a filter.

3. CLEAR YOUR SCREEN
Close all windows and applications on your laptop. Mute any default notifications on all nearby devices so your interview is uninterrupted by pings or ads popping up on open tabs.

4. ESTABLISH GOOD EYE CONTACT
Make eye contact during the interview to establish trust, convey confidence, demonstrate professionalism, and indicate interest.

5. PREPARE FOR THE UNEXPECTED
“If you take these steps to rid your interview space of potential distractions, you’ll be able to focus on what really matters—connecting with the interviewer across the screen, demonstrating your qualifications, and learning more about the opportunity to determine if it’s right for you.”

Are there any other top tips you can think on to add to the list?

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”