I read with great interest
"Audit Never Sleeps" by IIA Global Chairman of the Board Angela Witzany in the August 2016 issue of Internal Auditor, regarding her chairman's theme. I agree this is a very timely theme given the 24/7 world that we live in and the speed with which technology and the world around us is changing. However, as I was reading the article, a few other things came to mind from my early days in internal audit working for a global manufacturing organization to which this theme also applies.
One situation that comes to mind is when our internal audit team conducted globally coordinated audits. Effective collaboration across a global internal audit department often requires individuals to work outside their countries' regular working hours. While at times it can be frustrating to wake up in the early hours of the morning or stay at the office late into the evening to connect with colleagues around the globe, in many cases a phone call can accomplish much more than multiple email exchanges ever will. Further, when we performed these globally coordinated audits (such as global treasury operations), discussing in real time the risks that each of us was seeing in our own countries/continents provided a much different perspective of risk across the process than considering the risks on an individual country/continent basis (or by trying to pull the information together via email). In cases such as these, the benefit of real-time sharing across time zones was well worth any sleep we may have lost.
Another situation that comes to mind is performing audits of manufacturing facilities within the organization that operated on a 24/7 basis. While many of the individuals engaged in the accounting/finance side of the facilities we audited worked more traditional schedules, there were numerous individuals who worked the night shift. It was sometimes eye-opening for auditors to go back to the facility after dinner and observe any differences with respect to items such as physical security of the location, interactions among employees, and general applications of policies and procedures. In situations such as these, if you only conduct your audits during normal operating hours, you may be missing some key risks to the organization.
In thinking about the theme "Audit Never Sleeps," are there areas for which approaching your audits outside the normal 9 to 5 might provide a different perspective on risks?