Periodically, I am provided statistics about my blog by Internal Auditor magazine, and I was pleased to learn that my posts in 2017 were read more than 100,000 times.
The most popular was one I fondly refer to as the blog post that keeps on giving – or resonating with my readers. In May, I featured a repeat of a 2011 blog post titled 10 Things Not to Say in an Internal Audit Report, which drew more than 11,000 reads on its own this year. This post possesses two key characteristics of my most-read posts throughout the year.
First, it provides practitioners with practical advice about enhancing performance. The best internal auditors constantly look to improve their work, understanding that they must never stop learning. I devote an entire chapter to intellectual curiosity in my book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Part of that chapter addresses how intellectual curiosity leads to lifelong learning.
"As I mentioned before, experience and knowledge are crucial to making the right call. That's why commitment to lifelong learning is not a chore for outstanding internal auditors. They truly can't see any other way to do their job. Their intellectual curiosity compels them to discover new things, understand on a more profound level, and expand their knowledge so they can make useful connections among disparate facts. Like Aristotle, they recognize that 'the more you know, the more you know you don't know.' And they are determined to remedy that."
The second key characteristic of my most-popular post is that it provides vital information in an easily digestible list format. Let's face it, internal auditors love lists — or at least checklists.
So, here are my top blog posts for 2017:
10 Things Not to Say in an Internal Audit Report — This post makes the case that, "It's not what you say, but how you say it that counts." A well-written audit report should be a call to action, but a poorly written report can result in inappropriate action, or in no action at all. Choose your words wisely.
Seven Signs You Might Be a Jurassic Auditor — This post, the most popular new entry this year, admonishes against the dangers of living in the past and not embracing change. Readers were quite eager to offer their own "signs" to this list.
Management vs. Internal Audit: 5 Frequent Sources of Tension — For the most part, management and internal audit work together for the betterment of the organization. Despite being allies, however, they do not always see eye to eye. While some disagreements are easily resolved, some may be serious enough to impair internal audit's ability to carry out its mission.
Outsourcing Internal Auditing Do's and Don'ts — There is little question that the profession will have to expand its skill sets as it pivots to meet growing stakeholder demands. Outsourcing internal audit will likely become an increasingly attractive option, as management and boards seek arrangements that best suit their demands and budgets. This post offers important information to avoid potential pitfalls when outsourcing the function.
COSO ERM Update: A Vital Tool in 21st-Century Risk Management — The growing complexity of governance, risk, and control is the product of a fast-moving world, where powerful technological, socioeconomic, and geopolitical forces can quickly morph the risk landscape. As such, all those who help manage and assess risk across the enterprise must have the best tools and processes available to them. The new COSO Enterprise Risk Management (ERM) framework provides a comprehensive and sophisticated tool that advocates the value of ERM when setting and carrying out strategy.
Five Things the Audit Committee Is Still Reluctant to Say to Internal Audit — This post offers an update to a list that every CAE should take to heart. I often find that audit committees are uncomfortable pointing out to the CAE what internal audit could do better. Instead, they leave it to management to deliver the news, and the translation isn't always pure.
United Airlines: A Lesson for Internal Auditors on the Risks of Social Media — Warnings about social media are nothing new, and most organizations have at least a rudimentary understanding of the value and danger associated with it. But I believe few are truly operating at the speed of risk on this issue. United Airlines offered a painful example of this in 2017. The airline suffered a big reputational hit when a video of a passenger being forcibly removed from one of its aircraft went viral. Its poor initial response only compounded a bad situation.
These are the blog posts that resonated most with you, the readers, in 2017. I hope you enjoyed reading them as much as I enjoyed putting them together.
It is ever-present in my mind that the job of modern internal auditors is complex, challenging, sometimes dangerous, and too often undervalued. This is why I make sure every one of my blog posts contains useful information for internal auditors in the field. These top blog posts for the year reflect an eagerness by my readers to expand their knowledge of the profession and improve their service to their organizations. This gives me great comfort about the profession and its future.
As always, I look forward to your comments.