Posts Tagged “audit”

How to Conduct an Ethics Investigation from Beginning to End

Posted by External Dev | September 14, 2023 | Audit Career Trends, CIA Recruitment, Forensic Audit, Fraud Audit

Ethics investigations can be challenging for just about any organization. If done right, an ethics investigation can help you identify wrongdoing and unethical behavior and put a stop to it before your organization pays the price for not maintaining a conducive and compliant work environment.

A poorly executed ethics investigation, however, can become a full-blown legal case, with the organization risking reputational and financial damages.

Customers and Shareholders prefer engaging with a business that’s known to be highly ethical. This means your business has proper systems for reporting, investigating, and implementing recommendations to improve ethics within the company and its workforce.

But how can you conduct a successful ethics investigation to ensure the least possible legal and reputational trouble for your business? Here’s a look into the process.

What Would Warrant an Ethics Investigation?

A workplace ethics investigation is typically conducted when there’s credible information about significant misconduct, wrongdoing, or ethical lapses within the organization. These include office theft or fraud, health and safety violations, misconduct such as harassment and workplace violence, and time theft, such as altering time sheets for greater earnings.

An ethics investigation can also be warranted if there have been allegations against other employees to exclude the possibility of wrongdoing within the company. For instance, employee whistleblowers expose fraud in an organization 43 percent of the time compared to professional internal auditors, who only successfully uncover it 19 percent of the time,.

An ethics investigation aims to protect the company’s and its shareholders’ interests. It detects and prevents violations and misconduct, identifies areas where the business can improve its internal operations, and ensures the company’s activities comply with applicable laws and regulations.

An ethics investigation will unearth whether suspected misconduct did or did not take place, the circumstances leading to the misconduct, the involved parties, and whether the law or company policy was violated. An ethics investigation must be perceived to be independent, thorough, and analytical.

Whom Should Be First Informed of an Ethical Issue?

Typically, employees should be able to report potential ethical issues to their manager or supervisor. If this option is impractical or the manager or supervisor can’t resolve the issue, they should be able to speak up to people in higher positions and get the audience they need. This may include making a complaint through the company’s compliance hotline or corporate ethics office, where their reports can be heard and determined impartially and with maximum confidentiality.

Ensuring employees have a clear channel for making complaints and addressing them is crucial to avoiding lawsuits related to ethical issues and compliance and saving your organization expensive legal fees.89% of employees who sue their employers do not receive a satisfactory resolution to their issues internally.

What is the Process of an Ethics Investigation?

An ethics investigation can take various stages depending on the industry or organization and its ethics investigation process. However, most investigations take the following steps.

1. Taking the Initial Complaint
An ethics investigation begins when you’re alerted of unethical behavior by someone within the company. The employee will file the complaint through the necessary channel or people. They will be responsible for documenting as much information as possible about the alleged misconduct.

The information filed from the complaint should include who is being accused of misconduct, what information has been given about their behavior, where the misconduct allegedly happened, how it happened, and when it occurred.

This information should be forwarded to your HR team and the department most affected by the ethical incident.

2. Ensure Confidentiality
Every aspect of an ethics investigation must be kept confidential. Maintaining confidentiality is crucial to the investigation’s integrity. If the investigation is not kept confidential, you risk consequences such as:

Undermining the success of the investigation since others know of it
Reputational damage to the accused if others learn about the allegations
A compromised ability of the company to defend against any legal action associated with the investigation
Liability and negative publicity for the company
Retaliatory action from the accused
Attempts to cover up the misconduct by the accused

Confidentiality begins immediately after the complaint is received. No other party should know that an investigation is underway, who is the subject matter, the evidence and materials gathered, the processes followed, and the investigation’s results until the final report is ready.

3. Give Interim Protection
Protecting the accuser or alleged victim should be one of the top considerations immediately after receiving the complaint. Separating the accused from the alleged victim may be necessary to avoid continued harassment or retaliation.

Some protective measures include providing a leave of absence, transfer, or schedule change. However, the complainant must be willing to take these measures. Otherwise, they can view your actions as retaliatory and file a retaliation suit.

4. Select an Investigator
A competent investigator must handle an ethics investigation. Typically, the investigator should possess the following traits:

Investigate objectively without bias
Have no stake in the outcome, a personal relationship with the parties involved, or have their position in the organization affected by the outcome
Possess previous investigative knowledge and working knowledge of labour and employment laws
Strong interpersonal skills to build a positive rapport with the involved parties and appear neutral and fair
Right temperament to conduct interviews
Attention to detail

5. Conduct Investigations
Once you’ve selected the investigator, you should start the investigations immediately, working quickly to identify and stop the unethical behavior before it spirals into bigger organizational issues.

While conducting investigations, the investigator should be thorough in finding the truth and reassuring employees that their submissions are confidential and non-retaliatory. This will ensure they’re more honest, contributing positively to the process.

6. Provide Guidance and Recommendations and Document the Report
Once you’ve completed the investigations, the investigator should present all gathered information and provide a recommendation for the company moving forward. This may involve recommending disciplinary action against the accused employee and effecting policy changes to ensure such incidents don’t reoccur.

After completing this process, you should write a detailed and comprehensive investigation report to provide a reference for future investigations and clear evidence that the investigation was conducted according to procedure.

Having a written investigation report will also help your legal team make a defense in court if the accused employee disputes the disciplinary action in court.

7. Talk to a Compliance Expert
An ethics investigation is a crucial process that your organization must handle properly. An effective ethics investigation process will help your organization remain compliant and avoid damaging lawsuits that can hurt its reputation and finances.

We can hope that we will never have to conduct an ethics investigation, but at most organizations of any size, the time will likely come at some point where we must. Following these steps should ensure a sound and productive ethics investigation. Done right, a proper investigation can get to the bottom of wrongdoing, put an end to the bad behavior, and hold those responsible to account.

Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc. across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com

What the Audit Committee Really Wants from Internal Audit?

Posted by External Dev | July 21, 2023 | Audit Career Trends, Audit Salary, Auditor jobs, careers in audit, ChatGPT, Chief Audit Executives, CIA Recruitment, Data analytics, ESG, Fraud Audit, FTSE 100 companies, Internal Audit, internal audit objectives, internal audit recruitment, IT Audit, Risk Audit

Audit International realise that for many internal auditors, the audit committee is a bit of an enigma. Most of you help the chief audit executive (CAE) or other internal audit leader with materials and content to provide to this subgroup of the board of directors. Much of your work, in summary fashion, ends up there. But, for the most part, we only know what happens behind the closed doors of the boardroom if your CAE conducts a post-meeting debrief. Yes, we know that the audit committee is important. We know that they take our work seriously. But what do they really want from us?

For internal audit leaders themselves, the meetings can be intimidating. The majority of audit committee members are experienced executives from other companies and often serve on other boards. They are generally savvy, informed individuals, who spend a part-time role executing governance duties for the organization where we work. So, while they might, at times, be proactive—meaning, they raise questions or lines of inquiry based on something they initiate—mostly they are reactive, responding to what is presented to them. That means the onus is often on internal audit leaders to help them in their role by carefully choosing what to share with them.

Yet walking the fine line between providing too much detail and maximizing the little time we have with the audit committee can be tricky. Internal audit leaders often express anxiety about meeting with the committee. It can be difficult to anticipate what they may find important versus what they would consider a waste of time. Indeed, internal auditors can be forgiven if they just want to shout the famous Spice Girls refrain: “Tell me what you want, what you really, really want!” So, let’s give that a try: What does the audit committee really, really want?

First, What the Audit Committee Doesn’t Want

During an Internal Auditors career, you report functionally to an audit committee on separate occasions, with different companies. You might foolishly think that you would give them lots of information and let them decide what was important. It’s a trap that is easy to fall into. It takes time, experience, and some good mentors to gain the wisdom to realize that is absolutely the wrong tactic.

It is an evolutionary process to slowly realize that reporting to the audit committee is not about what you want to tell them. It’s only about what they need to know. To cite an often-used phrase: “be brief, be insightful, and be gone.” Keep it short, share the needed knowledge, and let others take their place on the agenda. It’s not about you; it’s about your audit committee members.

What the Audit Committee Does Want

Here are ten things that Audit International have learned that the audit committee of the board wants from internal audit. We hope they work for you when it is your turn to directly interact with the audit committee.

1) The essence of the quintessence: This phrase, “the essence of the quintessence,” was shared by a chief operating officer of a bank once, and it stuck with us. Basically, he was expressing that he and the other execs were busy folks and they want to get right to the bottom line. Don’t just tell me what you are telling me, but tell me why you are telling me. Get to the essence of the quintessence! And that’s what the audit committee wants too! So, if you feel you really must share something with the audit committee, ask yourself why it is so important that they know it. If you can start your phrase with, “this is important because …,” then they probably need to know it. They want the bottom line and the why. The rest is superfluous.

2) Not how you did something, but what you concluded: Have you ever asked someone how their vacation went and they start by telling you about the car ride to the airport? You are being polite, but all the while you wish they’d just answer the question. You want to know about the experience at the destination, not how they got there. Well, the same is true with the audit committee. All the work we did to arrive at our conclusions is important to us, but not to them. They only want to know the conclusion. So, cut to the chase. They trust you did all the right work to get there.

3) Your opinion, not just the facts: Internal auditors follow standards, confirm everything, and don’t spout wild, unsupported views on subjects. We are methodological in our pursuit of facts and the truth. So, when we have made a conclusion, we are usually armed with supporting facts. If not, we tend to refrain from going out on a limb with an opinion. Resist the urge, however, to stick only to the facts. You are not a robot; you are a person with a brain. You have a range of experiences to draw upon and see more of the organization than most anyone else. So, does the audit committee want a Joe Friday, “just the facts ma’am,” approach? Not really. They trust you have done the work and want to hear your views on various topics. If they ask your opinion, trust your instincts and give it to them. If you don’t, you really aren’t adding as much value as you can.

4) Your concerns, audited or not: Whether you are new to an organization or have been there for many years, your well-honed internal audit skills will leave you with an innate ability to have concerns about certain things, whether you have actually done internal audit work on the topic or not. If you had unlimited time and resources, you’d go check out all those nagging worries, and confirm or deny them. But you don’t. The audit plan may not have prioritized it, but that doesn’t mean the concern isn’t valid.

Now, the audit committee has no desire to hear lots of speculation or theories, nor are they interested in trivial things. But, believe me, if you have a good relationship with the audit committee, they want to hear your top concerns, even if you don’t yet have all the facts. You just need to be extra careful in how you position what you say, and you do so rather infrequently. But they do want to know. As they say, that’s why you get paid the big bucks.

5) Something of substance in executive session: One experience that is among the trickiest for a CAE to navigate is the executive session with the audit committee. During the typical executive session everyone who is not a board member leaves the room and the internal auditor meets with the audit committee alone. Over the course of a few years of executive sessions with the audit committee, I can say from experience that there are two things you never want to do: one is to have something to tell them in every executive session, and the other is to have nothing to tell them in any executive session. So, the goldilocks theory applies here, you want to strike the right balance. What to bring up, how to bring it up, and what you need to do both before and after you bring it up is a whole course in and of itself. It is an art, not a science. Don’t be trivial or cavalier about what you bring up. The audit committee wants you to bring things up, and they want them to be of substance.

6) Proof you really get the business and the strategic plan – Whether it is deserved or not, a common complaint by operating leaders and managers within many companies is that internal audit does not understand the business. The last thing you want is for the audit committee to second guess your conclusions. So, if you are confident that you know the business and the strategic plan (and you’d better be), let it show. It should show up in your audit plan, your priorities, and your explanation of internal audit’s observations and conclusions. Don’t risk having the audit committee doubt you. They want comfort that you know the business and are in lockstep with the strategic plan. Give them the confidence that you do.

Another point to make here is to remember that you are a businessperson. As we go about our internal audit work, we tend to put blinders on, as if the audit plan and the audit projects are the only reason for our existence. Of course, they are not. So, when we update the audit committee on what we are doing, what hat are we wearing? An auditor’s who happens to work for the business? Or a businessperson’s who happens to be an auditor? The audit committee wants the latter.

7) That you align with second line functions: Not always, but often the only way that second line functions (risk management, compliance, security, and others) coordinate and collaborate with internal audit is if internal audit (namely the CAE) initiates the coordination and takes a lead role in it. Apart from the added cost of redundant activities, the audit committee doesn’t want a bunch of disjointed terminology, reports, and conclusions coming from the various “risk and control” functions of your organization. They want you to coordinate and collaborate across the second and third lines. If they aren’t telling you that, they are telling someone else behind your back!

8) Courage: Like everyone else in the organization, days are always going to bring obstacles, difficult co-workers, things not going according to plan, changed schedules, broken promises, and other hurdles. But, more often than many other employees in other departments, you will from time to time be called on to summon up some courage. From an obstinate audit client that is making your job difficult to a senior audit client manager that is disagreeing with you no matter how right you are—not to mention fraud investigations, hotline accusations, and executives who are doing questionable things—you are going to come across matters that are so egregious that you must raise them, regardless of the consequence. They are, hopefully, rare, but if you are in internal audit long enough, those times will arise. They will require backbone and strength of conviction, and are not for the faint of heart. But guess what, that is exactly what the audit committee wants from you: a reservoir of courage and the ability to call on it when it matters most.

9) That you understand the politics, but are not political – All organizations are political by nature. Whenever people get together and resources are scarce, win-lose games happen. Corporate politics are a fact of life. As much as we’d all like to be apolitical and let the facts drive what the right answers are, if we don’t learn how to navigate the organization’s politics, we will not be able to get our jobs done effectively. Does that mean we need to use the politics to our advantage? Sheepishly, the answer is yes, but not in an underhanded way. It’s important to know who to talk to, about what, and when; how to position what you are going to say; who needs a heads-up on what; who are the influencers in the organization; and so on. We need to know all that and leverage it to our advantage. Our audit committee members are some rather experienced and savvy businesspeople, and they are also navigating the organization’s politics to do their governance jobs. So, yes, they do expect you to understand the politics to get your job done well and know how to report things to them with an understanding of how the politics works, but they also don’t expect you to be overly political.

10) That you know when you may not be objective: Objectivity is such an important tenet to what internal auditors do and how we do it that we need to be ultra vigilant and self-aware when there is a risk of our objectivity being impaired. Audit committees expect us to be self-aware of when our objectivity might be impaired, or even the potential appearance of it being impaired. So, park that ego, realize you are subject to your own biases, and be self-aware enough to advise the audit committee when your objectivity could be impaired. They expect you to do that.

Earning that Paycheck

Even though they may not tell you directly, take it from us that your audit committee wants you to: be brief, tell them only what they need to know, share your professional opinion, be open about your concerns, leverage executive sessions properly, understand the company’s strategic objectives and strategic plan, collaborate with the second line, be courageous, know the business, navigate organizational politics, and say when your objectivity might be impaired. Easy peasy. Well, not really. But, as we concluded, that’s why you get paid the big bucks.

Putting the AI into IA – ChatGPT and it’s benefits.

Posted by External Dev | June 23, 2023 | Audit Career Trends, Audit Salary, Auditor jobs, careers in audit, ChatGPT, CIA Recruitment, Data analytics, ESG, Internal Audit, internal audit process, internal audit recruitment

Artificial intelligence (AI) has the potential to transform the internal audit profession. ChatGPT, a large language model trained by OpenAI and based on the GPT-3.5 architecture, is an AI tool that can help internal auditors in various phases of their audit work.

Audit International are now going to discuss the benefits of using ChatGPT in these phases.

Planning

The planning phase is a critical phase of the audit process where the internal auditor defines the audit objectives, scope, and methodology. ChatGPT can be used in this phase to analyze large volumes of data and identify patterns and trends that may not be immediately apparent to human auditors. By using ChatGPT, internal auditors can save time and effort in identifying potential risks and opportunities for improvement. ChatGPT can also help internal auditors develop audit plans and testing procedures based on the insights it provides.

ChatGPT can also be used to educate internal auditors about the process under audit and its relevant risks. By inputting data related to the process, ChatGPT can provide a detailed understanding of the process and the risks involved. This can be particularly useful for internal auditors who are not familiar with the process or are new to the organization.

Further, ChatGPT can help internal auditors to identify potential areas for improvement in the audit process itself. As internal auditors input data into ChatGPT, the platform can analyze the data and suggest ways to improve the audit process. This can help internal auditors in developing more effective and efficient audit plans, testing procedures, and reporting methodologies.

Testing Phase

The testing phase is where internal auditors gather evidence to support their audit findings. ChatGPT can be used in this phase to analyze and interpret data, including financial and non-financial data. ChatGPT can help internal auditors in identifying anomalies, trends, and patterns in the data that may require further investigation. ChatGPT can also help internal auditors in identifying areas of the business where testing should be focused and can even suggest potential audit procedures based on the data it analyzes.

Reporting

The reporting phase is where internal auditors communicate their audit findings to the relevant stakeholders. ChatGPT can be used in this phase to generate automated reports that are accurate, comprehensive, and timely. ChatGPT can also help internal auditors in identifying the root causes of issues and provide recommendations for improvement. ChatGPT can even suggest remedial actions that can be taken to address the identified issues.

Monitoring

The monitoring phase is where internal auditors ensure that the management has taken appropriate actions to address the audit findings. ChatGPT can be used in this phase to monitor the implementation of the recommended actions and identify any further areas for improvement. ChatGPT can also help internal auditors identify emerging risks and opportunities that may require additional attention.

Privacy Concerns

One of the most significant concerns with the use of ChatGPT in the internal audit process is privacy. Internal auditors need to be aware of the privacy risks associated with the use of ChatGPT and take appropriate measures to mitigate those risks. It is essential to ensure that the data entered into ChatGPT is anonymized and that sensitive information is not shared or stored on the platform. Additionally, internal auditors need to ensure they have the appropriate consent and authorization to use the data in ChatGPT.

Treat it as a Tool

ChatGPT is a powerful AI tool that can help internal auditors in various phases of their audit work. By leveraging the capabilities of ChatGPT, internal auditors can save time, enhance their efficiency and effectiveness, and improve the quality of their audit work. However, internal auditors need to be aware of the privacy concerns associated with the use of ChatGPT and take appropriate measures to mitigate those risks. By doing so, internal auditors can leverage the capabilities of ChatGPT, while also safeguarding the confidentiality and privacy of sensitive data.

Compliance and AI

Posted by External Dev | May 26, 2023 | Audit Career Trends, Auditor jobs, Big 4 Accounting firms, CIA Recruitment, Data analytics, ESG

It seems like all anyone is talking about nowadays is AI, and Audit International want to know “Can AI enable compliant electronic communications at scale?”

Internal auditors and risk & compliance teams play a critical role in ensuring that organisations are compliant with relevant regulations and policies. However, with the proliferation of electronic communication platforms, the greater embeddedness of electronic communications in our day-to-day work, and the increasing complexity of regulatory requirements, the job of internal auditors and risk & compliance teams has become more challenging.

Over the past decade, we have seen the use of electronic communication in business evolve to the point where we cannot imagine working without it. At the same time, the recent years have seen electronic communication, such as emails and instant messages, increasingly be at the core of regulatory investigations and compliance breaches, with examples all across the media. While electronic communication has transformed the way we work, it also exposes companies to a series of risks that can result in regulatory fines and litigation, causing significant reputational damage and financial loss.

A key challenge is that employees are generally relied upon to observe regulations and corporate policies in their day-to-day communications. Yet they typically receive little support beyond an initial training on compliant communication and are held responsible when things go wrong. The average office worker sends 10,000 emails per year, and it only takes one mistake to get them and their company into trouble. Moreover, traditional compliance training is reactive and simply does not prevent all the breaches that can occur. This is where technology can be leveraged to assist employees in their day-to-day work and, in the long run, create a stronger work culture.

Fortunately, advances in artificial intelligence (AI) are now making it possible to achieve proactive compliance at scale through real-time risk prevention, which can make the job of both employees and risk & compliance teams easier and more effective. One of the key advantages of using AI is that it can help to reduce the burden of manual compliance monitoring tasks, enabling internal auditors and risk & compliance teams to focus on higher value-added activities. By leveraging AI technologies like natural language processing and machine learning, it is now possible to monitor electronic communications at scale, analysing them for potential compliance issues in real time and assisting users to mitigate potential risks before they occur. This can help to streamline compliance management processes, enabling risk & compliance teams to more efficiently manage compliance and minimise the risk of costly violations.

Another advantage of using AI is that it can help to improve the accuracy and effectiveness of compliance monitoring. Traditional compliance monitoring methods often involve manually reviewing vast quantities of data, which can be time-consuming and error-prone. By contrast, AI can analyse data in real time, automatically flagging potential compliance issues and providing actionable insights to internal auditors. This can help organisations to stay ahead of evolving regulations and minimise the risk of compliance violations.

AI can also help improve the quality of compliance monitoring by enabling internal auditors and compliance teams to more effectively identify and address compliance issues. By analysing electronic communications for potential compliance risks, AI algorithms can help pinpoint areas of concern in real time, enabling internal auditors to focus their efforts on the most critical compliance issues. This can help to prioritise compliance monitoring efforts and ensure that internal auditors and compliance teams are able to take a more targeted and effective approach to compliance management.

The use of AI can therefore help organisations achieve proactive and continuous compliance at scale. It can help shift the focus from reactive responses to compliance breaches towards proactive compliance through real-time risk prevention. As AI technologies continue to evolve, we can expect to see more innovative solutions emerging in this space, enhancing the capacity and supporting the critical work of internal auditors and risk & compliance teams.

Introverted vs. Extroverted Internal Audit Leaders: Which One Are You?

Posted by External Dev | April 27, 2023 | Audit Career Trends, Auditor jobs, Big 4 Accounting firms, careers in audit, CIA Recruitment, ESG, Internal Audit, internal audit recruitment

A few weeks ago, Audit International met with a self-described “introverted” business leader. This business leader confided to us that introverted individuals have a harder time climbing the corporate ladder. The individual went further in claiming that recent research shows that it is worst for women, as introverted women are seen as less assertive and lacking in leadership traits.

Conversely, the business leader pointed out that recent research also shows that introverted individuals actually make better leaders, but because they are not as assertive as their extroverted counterparts, they are not equally represented in leadership positions. That took a minute for us to reflect on. It was one of the most thought-provoking discussions we’ve had in recent weeks.
Curious by the proposition and wanting to see what statistics we could get on the topic ourselves, we set out to create several online polls. Initially, we just asked a simple question:

Do you consider yourself an introvert or an extrovert? Here are three things we learned from asking that and some follow-up questions:

People Do Not Like Binary Options on Personality Traits
In two separate polls across different platforms, we received similar feedback:

“No room for those who don’t fall into these binary groups?” was one of the first responses.

“Some people vary based on their environment,” and “I believe there should be space in between the two,” were two responses that quickly followed.

“Do you have a definition of introverts and extroverts?” was the last question.

Even when we tried to foolishly define the terms we were met with a big, “it depends.”

Lastly, we received the one-word response that took my approach in a different direction: “ambivert.”

The Power of the Ambivert
A full 70 to 80 percent of internal audit professionals considered themselves introverts when only given two choices on the introvert vs. extrovert spectrum. However, in follow-up polls, when the ambivert option was introduced, the results were different. Vastly different. Nearly half of the introverts from the initial polls now classified themselves as ambiverts. Ambiverts were now, in two separate polls, the largest group.

So, what does that mean?

Maybe we’re being foolish again, but here is our theory: Introverted ambiverts are those who usually keep to themselves and don’t brag about their accomplishments, but when the stars align and the spotlight is on them, they shine.

When Audit International first started in the internal audit profession, we worked with two introverted gentlemen. They generally kept to themselves in the day-to-day audit process. But, when they led projects, they had absolute killer instincts.

In that group, they audited the Latin America region, so depending on the country visited they would switch from English to Spanish or Portuguese and back to English with pure finesse. Audit clients would be at ease with their approach and communication style. Anyone who had only known them for that period would swear they were extroverted individuals. But they were not. They were ambiverts.

And that is the power of the ambivert: Killer instincts when it matters.

Extroverts Are Disproportionately Represented in Leadership Positions
Back to the business leader’s proposition that introverted individuals get the short end of the stick when it comes to leadership positions. Was that the case? Based on my poll results, yes.

Extroverts represented approximately one-fourth of the sample population of internal audit professionals. However, they represent one-third of those professionals in leadership positions. Introverts, excluding those with ambivert traits, represented over a third of the sample population of internal audit professionals, but only 10 percent of those in leadership positions. These statistics can be even more accentuated when it comes to female leaders.

A burning question then came to mind. Do extroverts make better leaders? Would that be the reason they are overrepresented in those positions?

Audit International set out to attempt to answer that by asking the community about their experience with their previous leaders. Were their best leaders introverts or extroverts? For this last poll, we purposefully left the ambivert option out.

The results? Extroverts were slightly at an advantage, 53 percent versus 47 percent. In other words, the “best” leader being an introvert or extrovert had close to the same likelihood as the flip of a coin.

How come we don’t have more introverted leaders if they are just as good as extrovert ones?

We don’t have any statistics there but, in my opinion, it’s likely because extroverts are seen as better communicators, and being a good communicator is a sought-out trait in effective leaders.

Should Introverts Lose all Hope?
No. Introverts in some circumstances may have an advantage over extroverts. Another reason is that in [internal audit], passion for the role is important to the impact that you can have on the organization. An introvert has to put a bit more effort into the work than an extrovert does, and I’ve seen several times where this translated to the level of commitment and effectiveness to the role.”
It might even be concluded that an introvert displays more active listening skills and empathy, which is also essential in leadership roles.

What SOX can teach internal auditors about ESG.

Posted by External Dev | April 5, 2023 | ESG, Internal Audit, internal audit objectives, internal audit process, internal audit recruitment, Internal Controls, Sarbanes-Oxley

When SOX was first enacted in 2002, its goal was to increase the overall transparency of financial reporting while, at the same time, develop a more reliable system of checks and balances. It was understood that compliance was both a legal obligation and good business practice.

Affecting both public and private U.S. companies, as well as those non-U.S. companies with a U.S. presence, SOX is focused on corporate governance and financial disclosure. It requires that all financial reports include Internal Controls Reporting and demonstrate that a company’s financial data is complete and accurate, with an adequate number of controls established to safeguard it. It also encourages the disclosure of corporate fraud by protecting whistleblower employees of publicly traded companies or their subsidiaries who report illegal activities.

The continued evolution of ESG on the other hand, includes a variety of factors that are often used to evaluate a company’s commitment to sustainable operations. The environmental factors in ESG offer insight into an organization’s environmental impact, including its carbon footprint, climate change initiatives, waste management policies, natural resource conservation, pollution, or efforts to decrease deforestation.

The social component of ESG examines an organization’s treatment of stakeholders (workforce, customers, providers and suppliers, government, regulators, or the local or global community) on issues such as diversity, equity, and inclusion practices, wages and salaries, and sales practices.

Lastly, the ‘G’ in ESG focuses on the governance factors and how to assess whether a company’s internal processes are able to ensure the organization, and its employees, act with professionalism and integrity.

While SOX is primarily focused on financial information — working with finance professionals and accountants — ESG is more concerned with non-financial data and metrics. It shouldn’t come as any surprise when organizations faced with these evolving and new ESG reporting requirements ask themselves.

The role of internal audit, Starting small and look at the bigger picture:
In the years that followed the introduction of SOX, the effect that it had on the internal audit profession was clearly a double-edged sword. On the one hand, internal auditors were quickly recognized as the experts needed to step into this space and provide the guidance that so many organizations needed. This resulted in growth across both the internal audit profession, as well as the various functions internal auditors were able to provide assurances for. It’s fair to say that internal audit membership more than doubled during the first few years of SOX implementation.

However, due to the urgency and level of uncertainty that SOX presented, leaning heavily on internal auditors also resulted in their spending greater amounts of time focused exclusively on SOX priorities, and significantly less time focused on those risk-based audits that organizations depend on. From an internal audit perspective it was a massive undertaking, and one that led to organizations developing SOX-specific internal audit teams.

Over the course of the last 20 years, and as a direct result of SOX, internal audit’s role around internal controls for financial reporting has become well established. Many of those same auditing skills and practices can (and should) be applied to ESG. However, an all-too-common question that’s on everyone’s mind is — “Who is responsible for ESG?”

ESG should be viewed as a top-down initiative, particularly from an organizational perspective regarding mandates, targets, and how goals are being established, monitored, and reported on. Each area or department of an organization should be aware of and responsible for their ESG initiatives. However, internal audit has an opportunity to become trusted advisors and take on more of an influential role when it comes to those first step.
How can internal audit provide the greatest value?
Organizations should reflect on the experiences they had in the early days of SOX and focus on identifying and understanding what the key controls of ESG will be. Where SOX was focused exclusively on financial reporting, ESG falls into that category of “everything else”. It comes down to the accuracy and reliability of the information. But how does an organization go about achieving that? The same way financial reporting was achieved with SOX.

Organizations have become comfortable with their financial reporting. They have been measured according to their financial results for a very long time. ESG in audit is different. It’s broader. It covers more ground and organizations will need to take some time to comprehend how to effectively turn the foundations of ESG into meaningful reports. Although it may be more complicated, the underlying processes that have been used for Sarbanes-Oxley for the last 20 years can be leaned on as a starting point when addressing ESG and identifying a methodology for assurance.

ESG presents a tremendous opportunity for internal audit to make an impact within their organizations. Because it is still evolving, and new guidelines and mandates are being released every day, a good strategy for internal audit would be to start small and identify those ESG factors that can be quickly included into your existing audit plan. Whether that’s reducing overall energy consumption throughout your office or working more closely with Human Resources to ensure new-hire practices are following appropriate guidelines, acknowledging the industry your organization resides in, understanding its risk landscape, and identifying a best-practices framework will give you the direction you need to successfully navigate ESG.

If there is one takeaway from the lessons learned when SOX was first implemented, it’s that those in the internal audit profession should avoid taking the “wait and see” approach with ESG. ESG is here and is gaining exposure and traction every day. The social ramifications of ESG alone should be enough for organizations to sit up and take notice. Understanding how to audit ESG — knowing your organization’s metrics and targeted reporting requirements, what to audit against and include in the final audit report — will better position you for success as a trusted advisor within your organization. Fill those essential Subject Matter Expert gaps early on with Audit International, identify and engage with key stakeholders, and avoid the reactionary trappings and costly mistakes of waiting too long and scrambling for solutions.

How ESG will change who you work with

Posted by External Dev | March 10, 2023 | Audit Career Trends, Audit Salary, Auditor jobs, Big 4 Accounting firms, careers in audit, CIA Recruitment, Data analytics, ESG, iac recruitmeny, Internal Audit, internal audit objectives, internal audit process, internal audit recruitment, Internal Controls, IT Audit

A new focus for Audit International and our clients is ESG. But there is one thing all of us are perhaps not considering as much : ESG’s impact on the workplace.

Environmental, Social, and Governance (ESG) factors are changing how companies conduct business in many ways, including:

– New ESG or climate-related disclosure regulations to comply with, especially in Europe.
– The need to effectively identify and manage ESG risks (including compliance, financial, and reputational risks), and integrate them within the existing enterprise risk management framework.
– Bringing a host of environmental and social metrics at par with financial information, especially with regards to data quality. There is a growing need for investor-grade ESG data.
– Ensuring that ESG factors give you a competitive edge in attracting investors, customers, and talent.

But there’s another change brought by ESG that’s not getting enough attention: The effects on workplace interactions.

– Firms that ‘get ESG right’ understand that ESG isn’t the responsibility of only one person. You can’t simply appoint a Vice-President or Director of ESG, or just place ESG under the Chief Financial Officer or Chief Sustainability Officer.

– Also, different departments can no longer work in their own little world with occasional collaborative efforts across functions. The important changes brought by ESG will also bring fundamental changes to the workplace.

The ESG team :
ESG is a team sport. People from different departments will have to work together as part of a single team.

You may be in Finance, Legal, Risk, HR, EHS, Sustainability, Operations, IT, or Procurement, but now, in addition to your regular teams and colleagues, you will also be part of the ESG team.

And your company’s ESG team will play a critical role because strong ESG performance drives corporate performance.

This represents a significant shift because suddenly key employees will have to align with a new set of stakeholders. They will have to work together with colleagues they might not have worked with before, or even knew. Here’s a sample of the types of interactions to expect:

EHS will have to provide key metrics to Finance for combined financial and ESG (or non-financial) reports.
EHS will also have to show to Finance and auditors (internal or external) how they provide limited or reasonable assurance on the data.
Procurement will seek guidance from EHS and the Sustainability team on how to capture greenhouse gas emissions data to calculate Scope 3 emissions.
HR will be asked to provide more tangible metrics on DEIB to Finance for inclusion in the combined financial/ESG report.
Did you bring together key stakeholders across departments as part of your ESG strategy?

Have you recruited members of your ESG team yet? If this is a topic you are actively hiring for, then please get in touch with us here at Audit International to assist you with any hiring needs you may have.

Conducting a cultural audit: Concluding the analysis

Posted by External Dev | March 10, 2023 | Audit Career Trends, careers in audit, CIA Recruitment, ESG, Internal Audit, internal audit objectives, internal audit process, internal audit recruitment, Internal Controls

Our journey discussing the benefits of auditing organizational culture is coming to an end. Audit International began this series by introducing initial cultural auditing concepts in the first article. Then, in the second article, we continued by more closely examining the first half of the top ten tips that were outlined. In this, the final article of the series, we wrap up with the second half of that list and conclude our analysis.

Auditing culture-
Auditing culture requires involving a wide range of stakeholders and will require you to consider alignment of the desired culture to the actual activities of many people. As we have seen, the leadership in the organizations and the people within the business are clearly very important. To get a true sense of culture you will also need to consider organizational partners and outside service suppliers.

If culture is the way things are done more informally, then this impacts everything in your entire organization’s wider sphere. In this context, procurement may be an important stakeholder to engage with in any cultural audit to better understand their selection methodologies, allowing you to form a view, for example, on how they consider cultural fit in the selection of any third-party suppliers. It also goes beyond the selection of suppliers to how we treat them once they are in place. Does the organization treat them fairly, or is the focus on cost at the expense of other, more important matters?

Ensure that you consider both design and operating effectiveness –
Auditing work should be examining both design and operating effectiveness. Cultural reviews are no different but have the tendency to focus on design at the cost of operating effectiveness. As with all audit work, you would typically begin with a risk and control assessment which can be developed in line with the cultural levers you have identified. Typically, an auditor would then request documents, allowing some desktop analysis ahead of the interviews. Interviews with management can focus on whether they understand the desired culture and can clearly articulate this, while also identifying which levers they see as being particularly important for ensuring the culture is real and lived on the front line. Interviews should also probe the extent to which management role model the desired culture every day and ensure their teams’ activities are in line with the culture.

However, understanding operating effectiveness requires a wider approach and talking to a wider range of employees. Focus groups or surveys can be effective to gather data from employees and may provide more diverse views. If focus groups are operated, they will require additional skill, with the lead needing to manage the group so that a fair range of positive and negative views are heard.

Despite the limitations of cultural measures these too should be requested for each of the levers to understand the extent to which the organization has cultural measures and whether the results are acted upon. Measures that you may wish to consider typically involve people management activity, such as employee turnover, exit interview data, grievances raised by employees, whistleblowing information, and absence data. Other areas should also be explored, such as customer complaints data. However, collecting these may present a challenge. If culture is important in the organization, then it will be available and likely reviewed. If not, there is the potential your first audit finding on the need for management to have appropriate measures in place to track whether the desired culture is being delivered in practice.

In Audit International’s experience, there is no, single best way of conducting cultural audits. Rather, you need to form a view of what is right for your organization. One aspect you will need to consider is whether you conduct specific cultural reviews in your audit plan, have it as a component in all audits that you conduct, or draw out cultural consideration into an off-plan piece of work. I’ve seen all aspects of all three of the options successfully implemented.

Don’t go for a grand plan –
It is important that you consider how you introduce cultural auditing into your program of work. It’s a sensitive topic, and management will often be wary of audit getting too involved. Your internal audit colleagues may also be nervous about whether an area like culture can, in fact, be meaningfully audited. The best advice being — don’t go for a grand plan, but rather start small, test, and learn as you go. This includes building support from the Board and executive leadership by demonstrating, as you go, the insights gained from the cultural examination you have completed and the possibilities to go further with increased resources and business buy-in to this challenging area.

This lends itself to the suggestion to start with a pilot, or a proof of concept, where you identify an area of the business to work with and look to introduce the concept of auditing culture at this point. This should be an area where you know you have a senior auditee who is an advocate of internal audit and willing to work with you to make the pilot a success. Audit International have found that success breeds more success and considerable momentum can be delivered in this manner. Early on, it is also good to share examples of your work and the value it is bringing. I call this the “test, share, and impress approach.”

Collaborate with your business colleagues –
It is also very important to work with the business. The tip here being: Collaborate with your business colleagues – independence is a mindset. Audit International have spent time with many auditors who have been reluctant to collaborate in any deep manner with the business, citing the audit charter and the need for full independence from first-and-second-line activity. We agree, our independence as internal auditors is very important. We need to be objective in all we do to avoid threatening this. However, Audit International don’t believe independence means that we cannot work closely with the business where it makes sense to do so.

One such area, for example, is the identification of the cultural levers discussed earlier – an organization-wide conversation on this is helpful in building appropriate understanding and support for the examination you wish to conduct. Also important is the identification and quick access to relevant data for your cultural work, both at an organization-wide level, but also in divisional units of your business. There is likely to be shared interest in this area, particularly with your HR function. Given this shared interest, it makes sense for all those interested in cultural understanding to come together to share ideas and data for the benefit of the business. For example, this may mean developing a shared data area that all can access. Identify across your business who is interested in this space and join with them to share, learn, and progress.

Upskill all auditors at all levels –
Finally, ensure that the program of work you want to introduce is a sustainable approach to auditing culture. Find a way to get your people behind this approach. At heart, we are a people business and any push to audit this challenging area on a sustainable and systematic basis will depend on the skills and knowledge of your teams.

This leads to the final tip to upskill all auditors at all levels. As we identified earlier, your impact is likely to be much higher if your teams integrate consideration of cultural levers and impacts throughout your audit work and not just in any standalone audit you may do. Understanding the nuances of culture is not simply reserved for HR and psychologists but is a core competency for all auditors. This should be reflected in the recruitment and development approach for your team.

This is likely to mean that if you are going to make cultural assessment a core part of your internal audit work you will need to provide training to the audit team. This will need to cover the organizational cultural levers that you have identified, the data that can help you understand these levers, and the interviewing techniques that will need to be employed to get to actual, as well as espoused, culture. Be honest with yourself and acknowledge where you don’t have the skills that are needed. You will likely need to draw on other sources of expertise, including business and external consultancy support. These can allow you to supplement both the capacity and capability of your team.

And, of course, think carefully about how you organize to deliver this challenging area of work. Our current view is that a multidisciplinary (sometimes called Hybrid) approach is most successful. This is all about how you set up your operating model to deliver your cultural audit work. Some larger functions have established dedicated, well-resourced teams to examine culture in their organization and have staffed this with a blend of expertise, including behavioral psychologists. This group of specialists work alongside and coach front-line auditors who are then encouraged to consider cultural levers in all their audit work as we discussed earlier. Clearly, this is more relevant for larger organizations, but even in smaller functions, you may choose to appoint a cultural lead (or champion) with the responsibility to support and drive the integration of cultural aspects into all your audit work.

Conclusion –
There is no silver bullet for the successful development and implementation of a cultural audit program. Hopefully, the tips that Audit International provided throughout this series of articles will be a useful catalyst for your work in this space as you consider the conditions needed for you to achieve momentum around the idea of auditing culture in your organization.

Conducting a cultural audit: The first five steps.

Posted by External Dev | February 23, 2023 | Audit Career Trends, Audit Salary, Auditor jobs, careers in audit, CIA Recruitment, ESG, Fraud Audit, Internal Audit, internal audit objectives, internal audit process

Audit International now bring you the second part in this three part series – Having introduced the initial concepts of what is involved with auditing organizational culture in the first article of this three-part series, we now can begin the process of drilling down and more closely examining the first five of the top ten tips to conduct a culture audit.

Identify your cultural levers:
The first step to successfully conducting a cultural audit is to identify the daily management activities that occur throughout the organization – your cultural levers. These levers look to align the culture we desire with the day-to-day activities of everyone in the organization. If we understand what leaders focus on to deliver this alignment, then we have a starting point for identifying what to test to provide our opinion on the effectiveness of culture.

Cultural levers often vary from organization to organization, so you need to work with management to identify what is influencing behavior within your specific organization. However, there are areas that I would expect to see. Published value statements are significant and an indication of what should be happening. Leadership is also significant, not just at the top but cascading throughout the organization at all levels. In this context, the organization’s approach to people management is vital with the impact this has on encouraging the behaviors that are needed for success. However, culture goes much deeper and is present in the management of other resources, including areas such as customer engagement, complaints handling, supplier management, corporate responsibility, risk management structures and profile, and internal and external communication.

This may appear daunting, but a well-organized approach to assessing each lever can quickly identify areas that are not truly aligned with the espoused values; a clear indicator that desired culture is not operating as expected.

The next four tips examine these cultural levers more closely to illustrate what they mean and to help inform you about the questions you might want to consider testing in order to arrive at an opinion on the organization’s culture.

Reputation:
Employees watch what leaders and key individuals in organizations do and how they operate. They see the dissonance between what the organization is saying, both in its external and internal communication, and their lived experience of working there. Assessing whether there is alignment is a key aspect of any audit of culture. This is even more important given the increased focus over recent times on aspects of corporate and social responsibility and the push for Environmental, Social, and Governance (ESG) activity from investors. Acquisitions of ‘greenwashing’ in your communications can be hugely damaging. This means that it is important to pay attention to external reputation and its alignment with internal messaging and should be considered across all social media.

Leadership:
The third tip is all about the examination of leadership’s role in owning and managing the culture in the organization. In internal audit, we need to examine whether this is occurring both at design and operational effectiveness levels. We are there to check that the activities of leaders are aligned with the espoused values and are supporting the delivery of the business strategy. In our audit work we should be looking for a consistency of message and actual managerial behavior. Leaders play a pivotal role in managing the business such that there is consistency across activities and that they work toward delivering the required culture for success. To do this practically, we need to build audit programs that look for evidence of areas such as misalignment in leadership actions and customer-centric examples that manifest in the practical activities of front-line colleagues. Leadership should be able to clearly demonstrate actions that they have conducted that help move the organization closer to accurately living the culture and evidence-measurement activity that supports this.

In this context, during an audit, I would expect leaders to be able to articulate how they ensure the culture is embedded through their team’s day-to-day activities, including examples of how they role model the culture in their own activities and interactions. Interviews will form a significant part of assessing these. However, data analytics can also be used to examine areas such as communications from leaders over a period of time looking for references to culture.

Simply put, what you are looking to establish here is whether the fine words on a page have a living connection with reality and link through to a real impact on the delivery of the organization’s strategy.

People management:
This leads us to the next cultural lever – people management. The key here, as with all aspects of cultural audit, is alignment. Across the entire employee lifecycle the behaviors we need to exhibit for the business to be a success need to be front and center. This starts with the employment brand, which should signal to potential recruits what the organization’s values are and includes the testing of new recruits against this. Objectives need to be set not only about what is needed to be delivered in terms of financial results, for example, but also how these results will be achieved.

Performance management needs to be expertly conducted to explore the colleague’s contribution to delivering organizational success in the way we want it delivered. This should be a continual process and include ongoing dialogue, not just an annual form-filling event. Promotion decisions should clearly consider this aspect and signal to all colleagues how behaving in the right way counts for personal success.

In developing your audit program, you need to consider all aspects of the employee lifecycle: attraction, reward, management, development, and exiting colleagues. In reviewing all these aspects, you need to be cognizant as to where the controls are operated. In most organizations, while the Human Resources function is likely to have a key role in the design of many of the practices mentioned, the management of the risk and operation of the controls largely sits within the business units of the organization. That is the place you need to be testing reality, not just within the HR function.

Identify key processes and assess alignment:
Next, we move on to two heavily connected cultural levers: process and change. When reviewing your organization, a key step is to identify the processes that are critical to the management of the organization’s culture. From this, you can review whether their operation is consistent with the outlined culture. In this case, we mean the culture promoted not only to your employees but outside your organization through your brand and external image to customers and other important stakeholders.
Employees, in their scanning of the organizational environment, will spot processes that do not sit well with declared ideal behaviors and values, where potentially the organization is looking to put short-term gain before longer-term goals. If these exist, it sends a huge signal to customers and colleagues that leadership does not really mean what they say. Included in these key processes are likely to be many of the internal processes around people and supplier management, but, most significantly, processes around how you deal with customers and how you respond to their feedback and complaints.

Alongside this, consideration needs to be given to how the organization’s change programs identify how changes they are looking to enact to systems and processes promote the desired culture. Change programs are a key touch point where the organization can ensure that the culture is being reflected in operating practices. However, they can also be a point of risk. Delivering efficiencies, while at the same time undermining the desired culture, can create problems that are hugely difficult to unpack.

Next up, in the third and final installment of this article series, Audit International finish identifying and discussing the remaining top ten tips to audit culture and conclude the journey that set out to help you deliver cultural insights within your organization. We hope you’ll stick with us.

Conducting a cultural audit: A holistic approach

Posted by External Dev | February 10, 2023 | Auditor jobs, Big 4 Accounting firms, careers in audit, CIA Recruitment, Data analytics, ESG, Internal Audit, internal audit objectives, internal audit process, internal audit recruitment, Uncategorized

At Audit International, we understand auditing organizational culture is a challenging area for internal audit. Culture is dynamic, and regularly changing. Successful auditing of culture requires a holistic approach across the internal audit function covering the development of internal auditor skills, adjustment to audit methodology, and buy-in from the business regarding the value insightful culture auditing can bring.

In this first article of a three-part series, Audit International examine and discuss the various factors for successfully auditing and influencing culture in your organization.

What is organizational culture, and why does it matter?
Before looking at how you audit culture, it’s necessary to first have a good understanding of what you mean by culture and why it’s important to organizational success.

The classic definition is around the phrase coined by Charles Handy, “the way things are done around here”. While helpful for us to gain insights into auditing culture, we need to unpack this further. Culture is about the interaction between values and behaviors and how these are seen in the organization’s activities and interactions with the range of stakeholders it has (e.g., employees, customers, suppliers, and society).

Top ten tips:
Given the fact that you are reading this article, hopefully you are already convinced that internal audit has a role to play within the organization when it comes to assessing culture. You may already be on this journey delivering cultural insights through your work to your Board, or you may simply be interested in learning more about how to begin this journey. Whichever stage you find yourself, the following top 10 tips will provide you with some initial and practical thoughts that provide a view on culture and the direction needed to influence both management and the Board.
1 – Identify your cultural levers
2- Reputation, Identify whether the organizations actions and messaging, internal and external, are aligned
3- Leadership, Do they own and manage the culture?
4- People Management, Is desired culture integrated into people-management activities?
5- Identify key processes and access alignment.
6- Auditing culture, is this holistic approach being considered by a wide range of stakeholders?
7- Be sure that you consider both design and operating effectiveness.
8- Don’t go for a grand plan.
9- Collaborate with your business colleagues, independence is a mindset.
10- Upskill all auditors at all levels.

In the coming second and third articles of this three-part series on auditing culture, Audit International will take a closer look and provide a more in-depth examination of each of these suggested ten tips. These follow-up articles will offer examples and provide opportunities to more successfully audit and influence the culture at your organization.

Top ↑