Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

ASAP Is Now Table Stakes​​

Comments Views

Last week, I posted a discussion about why so many (maybe all) audit projects seem to always be late. Much of this focused on the need to better coordinate the work and identify down times in the audit process.

There were some interesting comments in response to the blog post on and Linkedin where people discussed things such as having a better understanding of how long certain audit tasks might take, doing a better job of evaluating risks, and some specific suggestions on how work process could be improved.

One of my favorite responses came from Corey Hlavacek who pointed out three of the biggest culprits: audit methodology frameworks that, in the name of trying to ensure perfection, hamstring the entire process; the constant reviews of the reviews of the reviewers who reviewed the reviewer's reviews; and audit reports that have to be perfect.

Amen on every one of those.

But I want to move past some of this and emphasize the point I was trying to make in the second half of the post. Getting things done on time is the first hurdle. But the bigger hurdle is getting things done more quickly. The current timeframes most of us are using are not conducive to providing the timely information our clients want and need.

As fate, luck, and serendipitous circumstances would have it, shortly after I posted that post, I read a quote that came from John DiJulius, author of the book The Customer Service Revolution: Overthrow Conventional Business, Inspire Employees, and Change the World.

Wait. Before I even get into the quote, let's chat. Other than when doing an audit over the organization's customer service operations, what does customer service have to do with internal audit?


You see, as a profession we've done a really nifty job of moving away from that almost condescending term, "auditee." Yes, people still use it, (I've been known to continue falling into that trap myself — it's really hard to reverse 30 years of habit,) but we are getting there.

Now, the preferred term is "client."

And, to be honest, I don't really like that one either. Better than "auditee"? No doubt. But it still has about it a certain sterility that reminds me too much of the necessity of written contracts, billable hours, and a relationship that has to constantly reach across an elephant-in-the-room chasm.

My preference is "customer."

I know some disagree. I think there is the feeling that this term might be confused with the organization's customers, or that it doesn't seem professional enough, or that everyone has finally learned "client" and changing again will just be too hard.

But, I think it does a much better job of setting the expectations of what all our stakeholders should demand from internal audit. It shows our commitment to provide service to every one of our auditees/clients/stakeholders. It shows that we are here to do more than work with them; it shows that we are here to work for them — to provide services specifically geared to their needs. And it also helps bring home the point that, if they do not like the service they are being given — if we do not provide value for the investment they have made in us — they can then take their business elsewhere.

(And don't throw your charter in my face. That is nothing but a piece of paper that was never meant to protect the internal audit department if an outside consultant arrives who, even if they use the word "client," really knows that the people paying the bills are, first and foremost, "customers," with all that means.)

So, that is why I am about to quote an expert on customer service. (Remember? I promised you a quote.) DiJulius said "[Customers] expect information, answers, products, responses, and resolutions sooner than ASAP."

Last week, while I spent some time talking about the trouble we have meeting our own deadlines, the main point I really wanted to make was that, even if we meet the deadlines we currently have, we are still taking too long.

DiJulius nails it.

Internal audit's customers will no longer tolerate the completion timeframes that are still based on and embedded in 1980s, 1990s, and 2000s mindsets. Whether they say it out loud or not, our customers — the board we work for, the C-suite we work for, the directors we work for, the line managers we work for, the supervisors we work for, the line personnel we work for, the *choke* clients we work for , the *choke, choke, choke* auditees we work for, the customers we work for — expect information, answers, products, responses, resolutions, reports, findings, opinions, and value (repeat that one again and again — value, value, value, value, value) sooner than ASAP.

What we think was possible (those antiquated deadlines we cling to with petrified memories of what used to work in the olden days) results in valueless information because it gets to our customers way … too … late.

The new due date is Right Now! And if we do not supply value within that new deadline, someone else will.

And, if your customers are letting you get away with the slow dribbling of information that has become our status quo, then there is a more insidious problem. If they don't care how long it takes you to provide your information, then they don't value it.

Don't even find yourself in a position where you have to start asking those kinds of questions.​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3