Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

​The Beam in Internal Audit’s Eye

Before they can establish credibility with stakeholders, practitioners must first get their own house in order.

Comments Views

​Imagine you have just completed an audit. The details are not important. All you need to know is that the department is composed of professionals — individuals whose jobs require them to be self-directed, critical thinkers who understand the business and communicate effectively.

You have identified two potential problems. First, every action taken by each professional in the department is subject to review by that individual’s superior. Subsequent to that review, the department conducts a second set of reviews to ensure the work is correct and that the first review was completed.

Second, considerable rework occurs before the department publishes any results. A disproportionate amount of time is scheduled on all projects simply for the publication process. Moreover, the rework results in significant delivery delays.

Anyone with a modicum of internal audit skills should see these processes are the result of an overemphasis on controls. The first question an auditor should ask is whether the cost of those controls matches the cost of the related risk. Next, why not streamline the process by removing some (if not all) of the reviews? And third, what is the root cause of the constant rewriting?

Have you guessed where I’m headed on this one? Procedurally, how much of the audit documentation you create has to undergo a first and second round of approvals? (Hint: The answer is probably all of it.) How many rewrites did your last audit report go through? (Hint: If you answered fewer than five, I’m not sure I believe you.)

It is internal audit’s job to evaluate the efficiency and effectiveness of processes, ensure risks are managed appropriately, and ultimately, help the organization achieve its objectives. We expend enormous foot-pounds of energy toward that end. And yet, how much effort do we put into self-analysis? How much time do we spend auditing ourselves?

Are you able to explain how the internal audit department’s objectives align with the organization’s objectives? Can you articulate the risks to the audit department’s achievement of its objectives? Can you identify the controls that ensure those risks are managed appropriately? And perhaps most importantly, when was the last time you took a good, hard look at your processes to see where gaps might exist or (much more likely) where those process might be overcontrolled?

If internal audit wants to ensure true credibility with its stakeholders, we must look inward — we must evaluate our own policies and procedures. And in so doing, we will surely see that we are as guilty of reportable issues as anyone we audit. Quite simply, internal audit must cast the beam from its own eye before it can see clearly enough to cast out the mote from the client’s eye. 

Mike Jacka
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author



Mike JackaMike Jacka<p>​​​​​​​​​​​Mike Jacka, CIA, CPA, CPCU, CLU, worked in internal audit for nearly 30 years at Farmers Insurance Group. He is currently co-founder and chief creative pilot for Flying Pig Audit, Consulting, and Training Services (FPACTS). In <a href="/_layouts/15/FIXUPREDIRECT.ASPX?WebId=85b83afb-e83f-45b9-8ef5-505e3b5d1501&TermSetId=2a58f91d-9a68-446d-bcc3-92c79740a123&TermId=ac8af301-e15c-49bc-9c04-b97c2e183a4b" data-feathr-click-track="true">From the Mind of Jacka​</a>, Mike offers his wit and wisdom on the internal audit profession.</p> Jacka blog posts


Comment on this article

comments powered by Disqus
  • AuditBoard-May-2021-Premium-1
  • Awareness-Month-May-2021-Premium-2
  • Virtual-IC-May-2021-Premium-3



Thanks, We Already Know That, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Six Data Privacy Predictions for 2020 Data Privacy Predictions for 2020
Public Servants Are Vital to Defeating COVID-19 Servants Are Vital to Defeating COVID-19