Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

Collecting Metrics Is Not the End Game​

Comments Views

Last week, I tried to make the case that all the metrics in the world will not prove our value to our stakeholders. The resulting debates on various social media platforms (particularly LinkedIn) seemed to support the idea that measures were not the way to prove success to the board and the executives. The consensus seemed to be that the only way to get those stakeholders on our side is through open, honest, two-way communication.

That shouldn’t be too surprising. And I was glad the community seemed to agree with that one.

However, the comments also contained resistance to the idea of completely eliminating internal audit metrics. In one case, the comment was made “If we abandon our metrics, can we expect (and accept) that from those we audit?”

A valid question. To which I responded “Maybe metrics aren't the perfect answer in every situation and, perhaps, we demand ‘metrics’ in too many situations.” In other words, to say we should have metrics because we expect everyone else to have metrics evades the fundamental question — are metrics always necessary?

You see, if we blanketly refuse to eliminate metrics just because we think we need metrics, we are missing the fundamental questions. Why are we using metrics and what are we going to do with them once we have them?

The two questions actually come to one answer. The only reason for metrics is not to show how well we’ve done; it is to show how we will change.

Here’s a quote from Seth Godin. “Don’t measure anything unless the data helps you make a better decision or change your action.”

Numbers for numbers’ sake (or numbers put together to do nothing more than show our present situation) is a waste of our precious resources.

For all the numbers and measures and key performance indicators (KPIs) and recording of positive things we do, far too much of it is merely an exercise in collection, gathering, and reporting that, for all intents and purposes, does nothing more than state “Well, here we are.” How often do we look at the final numbers — good and bad — and make the commitment to actually use that information to drive improvement in our departments? How often do our measures of success cause us to do anything differently?

One of the failings of most balanced scorecards (an approach I describe a few weeks ago) is that people see it as a snapshot that exists to do nothing more than provide information on one moment in time. Such is not the purpose of the tool. The real value of balanced scorecards is not the first measurement; rather, it is the subsequent measures that show the advancement of the department.

And I would argue that few of us use our metrics to show progress or (as Godin puts it) make better decisions or change our actions.

Let me give you an example by referencing a metric that seems to be in common use. I should note up front that I loathe this particular metric. But, just because I hate it — just because I had bad experiences with it — is not a reason to believe it is a bad measure. Any good measure used poorly becomes a bad measure. So, whether I think it is wonderful or think it absolutely stinks, it will help prove the point I want to make.

Utilization: The percentage of auditors’ available time spent on audit work.

Now, there are a lot of slippery curbs in this one, probably the biggest one relating to how “audit work” is defined. Is relationship management audit work? Is sitting in on committee meetings audit work? Or is audit work strictly the time spent on an actual audit? But let’s pretend that is all ironed out to everyone’s satisfaction. (However, this does offer the opportunity for a quick aside and reminder that, before you can even measure, you have to define.)

The main point relates to how most audit departments gain no value from measuring this statistic. Let’s say the department is trying to achieve 80 percent utilization. (Again, we’ll pretend this makes sense in the theoretical en​vironment we have established.)

So, with the goal set at 80 percent, the overall result for the department turns out to be 75 percent. As Karl Malden once said, “What will you do?”

Seldom have I seen a department look at such results and ask the real questions — the ones the internal audit departments would be asking if they were doing a review of someone else’s department. Is 80 percent a reasonable rate given the criteria and circumstances? If that is reasonable, then what in the process is broken that does not allow people to reach the goal? What training, support, etc. do people need in order to have a better chance of meeting such goals? Is there an inherent flaw in the planning and assignment process that will always lead to failure?

All valid, root-cause, critical-thinking questions.

However, invariably the response by internal audit leadership is to sit down with every employee and let them know that these results are unacceptable, that 80 percent is the commitment that has been made, and that they need to try harder in the coming year. Rather than finding out what is going wrong — rather than using the information to make a better decision or change actions — the blame is placed on people.

Utilization is just one example. I find that the majority of metrics (good and bad) are misused. They are compiled to heap praise or disdain, not used to determine how to make things better.

If we have to measure something (and for all my previous rants and raves, I believe there is an important role for metrics within an internal audit department), then we better make absolutely sure we are going to use those measurements for something more than building the colorful tail feathers of a strutting peacock that screams “Look at me; look at me; look what I’ve done!”

Use all those metrics you’ve been collecting (at least, the ones that have some bearing on the work and results that are desired) to actually develop and improve operations — improve to know where your opportunities lie, improve to efficiently and effectively provide useful information, and improve to better serve the customer.​

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this blog post

comments powered by Disqus
  • Your-Voices-Recruitment-January-2022-Blog-1
  • Fraud-Virtual-Conference-January-2022-Blog-2
  • IT-General-Controls-Certificate-January-2022-Blog-3