In a recent blog, I explored some of the sources of tension between internal audit and management. One member of the management team with whom internal audit has a particularly interdependent relationship is the chief legal officer (general counsel). I explored internal audit's relationship with the general counsel in a May 2015 blog. In another of my summer rerun series, I thought it was timely to share the blog again.
When I first became a CAE, it didn't take me long to realize that the relationship with my organization's general counsel was going to be complex. I quickly found him to be a great resource as he and his team were ready and willing to help my staff with important legal advice during ongoing audits. He also seemed genuinely invested in my success as a young addition to the organization's leadership team.
But it wasn't long before we knocked heads. He had assigned members of his team to investigate a serious contracting irregularity that potentially involved a violation of law. Because the problem had surfaced as a result of an internal audit, I knew that his staff had provided contracting officials guidance that had been potentially faulty. I gently pointed out that it might be a conflict of interest for him to now direct an investigation of actions that involved his own staff. Our relationship was never the same.
Whenever the topic of relationships with the general counsel is raised during an internal audit roundtable I attend, there is no shortage of opinions. Too often, CAEs express frustration with general counsels who they believe are more concerned about reputational and legal risks than affording internal audit the opportunity to fully articulate the results of their work.
To be sure, reputational and legal risks are important. However, general counsels too often would prefer to eliminate these risks altogether in internal audit reports — in effect, silencing internal audit from sharing critical information with the board or audit committee.
News reports of alleged corporate misbehavior are never in short supply. But it seems that they increasingly include details of actual or attempted intervention into internal audit activities by general counsels or members of their staff. The most recent example is a Reuters news agency special report, titled "Dow Confidential – An Iconic Chief Executive Vs. His Company's Internal Watchdogs," published just last week (May 6, 2015). The article chronicles challenges faced by the CAE* and other members of his staff in their efforts to expose what they considered questionable expenses by the company's CEO. In a legal deposition cited in the article, Dow's former CAE noted that the company's general counsel "was the most vocal in arguing with me as to what was a valid business expense and that I should basically stand down and let these things go."
I have seen many other instances of heavy-handed actions by corporate attorneys — for example, how internal auditors were persuaded to inappropriately refrain from characterizing certain foreign expenses as U.S. Foreign Corrupt Practices Act violations. The argument most often advanced is that the expenses in question are legal "facilitation payments." Faced with intimidating legal expertise, internal auditors often "fold their hands," and potentially critical information is concealed.
As Robert Mundheim, an attorney who advises on corporate governance issues, has noted, "The general counsel is supposed to provide advice on the legal environment and legal responsibilities." Mundheim also correctly points out, "General counsel's role as a partner to senior management does create tensions. General counsel must retain the ability to make clear-eyed professional judgments and to have the backbone to raise issues with the appropriate decision-maker if, for example, the proposed course of action raises issues of compliance with the law."
By no means am I suggesting that the CAE should disregard the advice of general counsel. Rather, I believe we must be cautious in accepting general counsel's guidance as infallible.
When it comes to the CAE's relationship with general counsel, I suggest that it be guided by at least five principles:
- Mutual trust that each party is acting in the best interest of the organization.
- Respect for the respective roles of each party and the prism through which each views risks.
- Communication on a continuous basis to foster effective risk management, internal controls, and corporate governance.
- Collaboration to ensure risks are effectively managed and internal controls are effectively designed and implemented throughout the organization.
- Recognition of the right of each party to agree to disagree when warranted.
When the last principle must be invoked, both parties should agree that the audit committee of the board must be apprised and, when appropriate, arbitrate the points of disagreement. This option should be rarely needed, but when it is, it should provide each party with the comfort to stand its ground when seeing things from a fundamentally different point of view.
Back to the original question: "Is the general counsel friend or foe?" It certainly would be counterproductive for an organization if the answer is foe. However, it is unrealistic to assume that general counsel will always agree with internal audit. Instead, I characterize the best relationship as one of "professional colleagues." The general counsel should be internal audit's advocate, not its adversary.
I welcome your thoughts.
*In the spirit of full disclosure, I want to note that the CAE who was a subject in the Reuters report, Doug Anderson, is a former executive committee member of The IIA and currently serves as The IIA's managing director of CAE Solutions.