Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

​Building a Better Auditor: Developing an Internal Auditor's Mindset

Comments Views

​So, you have hired the successful candidate who will join your internal audit team, and you are excited to have someone lighten your team's workload — but have you subscribed to a new problem, an insider threat? These days, the new hire's "lifespan" with the organization may be virtual — from entry to exit. It is the expectation that whoever joins the internal audit team will add value, but while it may be easy to assess external variables, the intrinsic value of a candidate cannot be ascertained until he or she is tested in real-life scenarios.

So what can be done to influence an internal auditor's mindset during his or her time with the organization, in-person or virtually? The IIA's Attribute Standards state that threats to independence and objectivity should be managed at the individual auditor, engagement, functional, and organizational levels. 

Onboarding While onboarding involves getting new employees attuned to the organization's culture and philosophy, internal audit needs a specialized version of the process that will enable the new hire to understand internal audit as a function within the organization. To preserve internal audit's independence, there are certain attributes and information that may not be available to others within the same environment. Thus, understanding confidentiality and restricted access is important. In some cases, nondisclosure agreements are required at the beginning of the auditor's tenure.

Personality Traits Different people, different personalities. Some personalities that are often perceived as assets can be liabilities to internal audit. For instance, to get the "scoop," outsiders (e.g., from other departments or third parties) often look for a weak link within internal audit from whom they can obtain information. While internal audit needs to build rapport with everyone — after all, they are not enemies — there needs to be an awareness of when to set boundaries. There have been times where I have seen a chief audit executive (CAE) complain about how the new hire has unknowingly passed on some "in-house" information or techniques to clients.

Testing and Discussing Are there follow-up engagements to be conducted? This is a typical time to engage new hires. After the engagement, experiences can be discussed and this can provide insight into the theoretical concepts that may have been discussed during onboarding.

From a team of two internal auditors to a multinational running across different time zones and locations, there should not be a closed-door policy where junior team members cannot access senior team members. It is important to share practices, discuss, and engage. That way, all parties can benefit from a cross-exchange of ideas and experiences.

I once suggested a book for a CAE to discuss with a new hire. The idea was to write a summary of the book and discuss over a lunch or tea break. It took the new hire by surprise because the book was not technically inclined, but the author created some ethical scenarios around the central character. This gave them an avenue to discuss real threats to independence under different scenarios.

Sometimes it's the little things that add to the big picture. 


Mustafa Yusuf-Adebola, CIA, CPA, CFE, CGA, is a fraud risk consultant and systems thinker in Ontario.

Want to be a part of Your Voices? Click here to learn how to contribute a blog post.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3