What Would You Say ... You Do Here?​​​

Comments Views

As I warned you yesterday, I want to kick this discussion off with a little bit — well, quite a bit — of history. You see, I find that, as I get older, everyone else seems to get younger. And, as the percentage of internal audit population that is younger than me grows in an alarmingly exponential fashion, that means there is a correspondingly greater percentage of internal auditors who may not know some of the (what I still consider) recent events that have helped shape the profession and caused/helped it to be where it is today.

Now, before I dive in, a caveat. This is not an extensively researched dissertation on exactly what happened in the past. Instead, this is an oral history — the events as I experienced them, as I remember them, and as they were told to me by others. Therefore, it is probably as accurate as 90 percent of what you read on Wikipedia (and 110 percent of anything else you find on the internet). But this is​ the way it happened. (I think.)

It was the 1990s. And the buzzword was “outsourcing.” “Buzz” is an incredibly applicable word because that whirring noise was the sound of audit shop after audit shop getting cut off at the knees as various consultants, vendors, and external providers began finding ways to replace internal audit shops worldwide.

The consultants (I’ll use that as the generic term from here on) approached each audit committee, board of directors, executive committee, or whatever group served the organization’s senior governance function with a very compelling message: “We can do the same work your internal audit department is doing … but cheaper.”

You want to get a committee’s, board’s, or whatever’s attention? Tell them you can save them money.

The consultants explained they had the same background as the internal auditors (often focusing on accounting and compliance roles) and that they would bring in an expertise and economy of scale that the internal audit group could not match. The promised end result was assurance at half the price. (Okay, not half, but that flowed too easily off the keyboard to not stick with it.)

The boards (I’ll use that term from here on to represent whatever group of almighty, all-seeing men and women [actually, mostly men, but that’s a whole other issue that is best discussed at a later time] … the men and women behind the curtain who were actually pulling the levers and pushing the buttons that made the great and powerful organization run) … the boards received these sales pitches, and one of three courses of action were set into motion.

The first set of actions were the kind that every internal auditor would hope for. The board listened to the outside consultants, looked at the work that was being accomplished by internal audit, took into account the various value-adding services and insights internal audit was providing, reviewed how internal audit was seen as a partner to the business, evaluated how internal audit’s analysis was an important part of the decision-making that was completed throughout the organization, and (figuratively) laughed the consultants out of the board room.

I want to emphasize an important point. I have used phrases that get bandied about quite a bit these days — value-adding services, insights, partner, part of the decision-making process — but please recognize that those were not phrases commonly used back in them thar days when talking about internal audit. Yes, a lot of internal audit shops provided those kind of services, and the phrases were beginning to peak their metaphorical heads above the surface, but that nomenclature wasn’t all that common.

These were the audit departments, auditors, and chief audit executives (CAEs) who did more than tick and tie, report problems, bayonet the wounded, and do nothing more than make sure all the rules were followed. These were the audit departments, auditors, and CAEs who had built relationships throughout the organization; who sold their services; who, consciously or unconsciously, showed that a successful organization is the one that has a vibrant audit department that is a partner with the business.

(At Farmers Insurance, I was lucky enough to work for one of those companies and one of those CAEs. Every quarter the external auditors made their sales pitch to the audit committee, every quarter the pitchers were thanked for their time, and every time there was no sale — no outsourcing. And internal audit continued to provide the company with services that were of greater value than the total expenses we incurred.)

So, quite simply, the first set of actions was, effectively, nothing happened. The internal audit department was not only providing value, but also doing an excellent job in selling that value to its customers. The interlopers could not make the case that they could actually do a better job.

Here is the significant takeaway from this part of the story. Not only were these internal audit departments providing great value, but they were selling that value.

And that is just about enough history for one day. Let me give you your next piece of homework. (What was the first piece? Remember yesterday’s request for you to evaluate the amount of regulatory work you were doing? You did think that one through, didn’t you? I’d hate to have to give you an incomplete.)

Your second piece of homework: Can you articulate the value you are providing to your board? Can you identify the value you provide that an outside consultant cannot?

Think about how you would answer those key questions. Because being able to articulate and sell that value is the difference between the first set of responses we’ve been talking about today, and the set of responses (less positive responses) we will talk about in the next post.

The opinions expressed by Internal Auditor’s bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
  • MNP_Natonal Can Conf_Sept2017_Blog 1
  • SCCE_Aug2017_Blog 2
  • IIA CERT-CPEA-AFW_Sept2017_Blog 3