Recently, I was having dinner with a friend of mine — someone
who is also involved in the internal audit world. The conversation began going
in rather strange directions (something that I find often happens in the really
good discussions) and, in spite of the vagaries of that discussion, it
continued to have something to do with internal audit. At one point he made a
comment that I have heard more than a lot of times from more than one friend,
colleague, acquaintance, enemy, etc. “Uh-oh. Why do I feel like I’m going to be
part of your next blog?”
Anymore, most people I work with, talk with, consort with, or
deal with in some capacity or the other are aware I have this blog. And, if
they have ever read it (and, trust me, that reduces the numbers by an
appreciable amount) they know that much of the fodder for these blog posts
comes from the real world.
With that in mind, you might think that people would be afraid
to make even the merest of utterance in my presence. (I am reminded of David
Sedaris’ comment that he writes essays about his family so much that they are
afraid to hang around anymore.) But, surprisingly, I don’t think anyone is
holding back. I like to think that one of the reasons is they feel I do a pretty
good job of maintaining anonymity when anonymity is required.
If there is no harm, I’m more than happy to give credit
where credit is due. As an example, I’ve got a partially written post about
Maslow’s hierarchy of audit client needs that came out of a discussion I had
with a group of auditors working for my good friend James Hansen. I think some
important things came out of that discussion, and I’m trying to articulate them
in the best way possible. Hence, the long interval between discussion and
publishing of the blog post. But, none of it would have ever come up if the
group had not been having a very robust discussion as a part of training I was
delivering. And I only bring up James’ name (and his group) because I know he
won’t mind, it was positive aspect of the already positive training that
occurred, and I believe they deserve some credit for helping drive what will
come from that discussion.
Now, in other situations, I’ve tried to do my best to
maintain the anonymity of the guilty, the not guilty, and the somewhere in between.
After the publishing of one of my columns in the magazine, I
was having lunch with an auditor I had worked with at Farmers Insurance. His
first question was “which auditors in Farmers were you talking about?” I quickly
(and honestly) told him that none of the examples had come from my Farmers
audit experiences. I’m not sure what that says about the auditors the gentleman
was currently working with, but I see it as evidence that I do a pretty good
job of disguising identities when such obfuscation is necessary.
But, if you are any kind of auditor at all, this should be
We live by the information we obtain. And only a small part
of the valuable information comes from the audits we do. The truly valuable
information comes from the casual conversations — the ad hoc meetings; the hallway
how’s-it-goings; the “Is-anyone-sitting-here?” lunches; the cuss-discuss-and-bs
after work at happy hours, dinners, bowling leagues (those still exist, don’t
they?), or any other congregation of two or more employees where people open up
and begin to talk about what is really going on. This is where we have the
opportunity to get the information that leads to a real understanding of the
organization, the employees who work in that organization, and the way the
world works in and around it.
Looking back, I remember many times when someone would be
talking to me and suddenly realize they were talking to “THE AUDITOR!” And I could
see that look in their eyes as they began to recognize that what they were
saying might come back to haunt them. It took a lot of work to build enough
trust with the employees of the organization for them to ignore that
realization and move forward, knowing that they were safe sharing just about
anything with me without the ramifications coming back to ramify them.
That isn’t to say I ignored the information. If it was
valuable and a part of what internal audit should be doing, then it was
incorporated. But I did my best to protect the privacy of those involved. In
more than one instance, my CAE asked how I happened to know something. And, if
I explained that I really couldn’t divulge the source, then he accepted it and
we moved on.
Internal auditors live on the facts and information they
gain during their audits. But they thrive and grow on the casual information
that comes from being in conversations that occur while being part of the organizational
team. And that can only be obtained when those providing such information trust
the auditors with the information and, in some instance, even their careers.
And, you know what, you might be surprised how much you can
learn if you join the company bowling league.