Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

Internal Audit as a Solution​

Comments Views

As an audit department, do you understand why you exist? Oh, I know the profession has a red book's worth of definitions and missions and principles and codes and standards and guidance, and your department has probably developed some kind of mission statement (stated or implied) that talks all about objectives and risks and controls and being a partner and collaboration and trusted advisors and change agents and critical thinking and maybe even a line about being a talent incubator. But, stripped of all the rhetoric we so easily spout (not that there is anything wrong with our catch phrases and favorite clichés, but we use them so much they have become buzzwords with questionable substance), do you know the underlying meaning of all that verbiage? Can you articulate what it is you are really selling to your clients?

Ultimately, that is the purpose of a value proposition — to be able to define and articulate what it is your audit department is selling. I have seen a number of audit shops that have worked through the steps of developing a value proposition and some have worked out well; some not so much. But even when the results have not been as successful as they may have wished, few have rued the decision to take on the project.

I'm not going to go into a lot of detail about how to develop a value proposition here. A quick search should provide you a good background. And if you want something more internal audit specific, I wrote an article on the subject titled "5 Steps to Marketing Your Audit Department" that was published in the August 2015 issue of Internal Auditor. I'll just say that, generally, a five-step approach is used: Know your customer, know what you deliver, know your competition, know why you are the solution, and know how to express it.

Obviously, there's a lot that underlies those simple statements, but that gives you the basic idea.

However, I recently stumbled across an article on the Forbes website written by Michael Skok back in 2013 titled "4 Steps to Building a Compelling Value Proposition." (Remember, I said generally a five-step process is used.) He starts with something that is well worth digging into a little deeper — something that could benefit every internal audit department, whether they are building a value proposition or not.

He proposes that the first step should be "Define the problem set to help vet whether it's a problem worth solving."

Without working too hard, you can see the broad application of the concept. Every department, process, function, or organization exists to provide a solution to a problem. No matter how it is couched — from building a better mousetrap, solving world hunger, or building the fastest anything, to keeping financial records straight, building widgets quickly, or just keeping the building clean — at the root of the purpose of any department/process/function/organization is solving a problem someone is experiencing.

It is no different for internal audit. Before we can convince others of the need for our services, we need to define the problem that we are solving — selling them solutions, not just services.

But most audit departments, when trying to determine their value, what they do for a living, or even why they exist, do not think in terms of their existence being the attempt to solve a problem. Most audit departments couch it around what they do, not why they do it.

And I am convinced that is why you see audit shops that confine themselves to U.S. Sarbanes-Oxley Act of 2002 or compliance work, who sway with the fickle whims of executive management, or just exist because someone said there had to be an internal audit department. Even if they have gone so far as to actually "define the problem," they have not necessarily found a "problem worth solving."

Now this doesn't mean some of those audit shops aren't doing good work (even the ones who find themselves trapped in the Sarbanes-Oxley and compliance ghettos). But that good work is as much a function of luck or the fact that someone within the department — usually someone in leadership — has really good gut instincts as it is understanding what internal audit is trying to solve.

There was an audit group I got the chance to work with a couple of times over the years. I watched it go from a vibrant, engaged audit department to one that was working by rote — no waves, no challenges, just deliver what has always been delivered. And the primary reason was that audit leadership had changed, and the luck and the gut feel (mainly the latter) was no longer relevant.

This audit department had never really defined the problem it would be solving and, without the direction such a definition would provide, it destroyed much of what they had been able to accomplish.

Charles Kettering, inventor and head of research for GM, once said "a problem well stated is a problem half solved." When internal audit can define the problem it wants to help solve, then it is halfway home to selling its services. And that is where those buzzwords come into play. They are the bread and butter of what we do and what we want to become. But they take on real meaning when understood in the context of how we are actually going to help solve the important problems our clients are facing.

There is still more of value in this article, something that may speak to the way we select the audits we are going to put on our annual schedule. So next time we'll ask the question: What problem are we trying to solve in every audit we do?

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
  • IIA GRC_APril 2019_Blog 1
  • IIA Guidance_April 2019_Blog 2
  • IIA CIA_April 2019_Blog 3