Internal Auditor’s blogs reflect the personal views and opinions of the authors. These views may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers’ employers or the editors of Internal Auditor.

​Control, Freedom, and Trust

Comments Views

Let me tell you a story.

For a period in the 2000s, I was in charge of the Farmers Insurance audit departments in Phoenix and Colorado Springs, Colo. I decided to bring the two groups together — 8 auditors — for a 2-day mini-conference. We met that summer at the halfway point, Durango, Colo. Not a bad gig.

It all went better than I could have hoped. It served as an excellent team-building experience, allowing two teams that worked well by themselves to get to know each other and become a cohesive single unit. I had each person do presentations over the two days, so there was a sharing of knowledge. And the interactions allowed me to see the auditors in a different situation, verifying my belief in the strengths of some, identifying issues with others, and finding a couple of hidden gems who I was able to bring to the attention of upper management. And, in the evenings, we were able to experience the fun and beauty of Southwestern Colorado. A good time was had by all.

It was an event that was often talked about within the group. And, during a meeting with upper audit management later that year, the team expressed their feeling that it was one of the best experiences they had ever had in internal auditing. They went on to explain that it wasn't just because they got a great trip out of it, but because of what they learned about the team, about auditing, and about the role of our department within the company.

Oh, did I mention that I did this without any official OKs, approvals, signatures, or real authority to do any of it?

Is this a tale of opportunity taken? Is it a tale of questioning the boundaries of acceptable behavior? Is it a cautionary tale of a manager run amok? Is it a tale meant to kick off a blog post because I'm not sure how best to begin? Is it a tale that has gone on too long and taken up way too much space?

Well, to be honest, it's all of those.

I want to continue a discussion we were having during our last visit — a discussion about how freedom can be used to control and how stifling internal auditors' freedoms in the name of control negatively impacts our effectiveness and our progress as a profession. And the above story provides an interesting backdrop to that discussion.

Last week's post started with a quote from Zen master Shunryu Suzuki: "To give your sheep or cow a large spacious meadow is the way to control him." 

We discussed the fear internal auditors have of making mistakes and how this causes us to micromanage the work we do. To use Suzuki's metaphor, our fears result in us not only limiting the space in the meadow, but actually tying auditors to a metaphorical stake in that meadow.

But, once we allow ourselves to quit micromanaging (or, at the very least, overmanaging and over-reviewing — which may be the same thing), there is a greater freedom we need to talk about.

Last time, in an attempt to define just how much freedom auditors were allowed, I provided a list of "Are your auditors allowed to …" The first part focused on micromanagement issues. But the second part looked at broader freedoms: allowing them to explore new audit techniques, use new tools, or suddenly spin off on new projects for no apparent reason other than they seem like a good idea at the time.

To get a feel for where you may fall on the "freedom allowed" spectrum, let's look at a potential real-world example.

A current hot topic is robotic process automation (RPA). Related to that is the concept of the citizen developer — employees within each department (in our case, internal auditors) who develop programs without input or influence from the IT department. There's a lot more to the concept, but this is enough to get us through this discussion. (Note that it's well worth your time to find out more on the subject.)

Here's three scenarios. And, in all three scenarios, let's assume you believe the auditor has the skills needed to accomplish the requested project.

Scenario No. 1: One of your auditors comes to you and says, "I keep hearing about RPA, and I'd like to learn more about it, including its potential application within the department? Can I have some time to research it?"

The time the auditor needs may have some impact on the completion of the audit schedule.

Scenario No. 2: One of your auditors comes to you and says, "I've been hearing about RPA, and I've been doing a little research. In fact, I've been doing a little programming, and I think we could use it in the department. Can I have some time to explore developing programs that might be used within the department?"

The auditor has been doing this research at work, squeezing it in between audit projects. The time the auditor needs will definitely impact the audit schedule.

Scenario No. 3: One of your auditors comes to you and says, "I've heard a lot about RPA and started doing some programming. In fact, I've developed some programs we could use, right now, in internal audit. I'd like to start putting them into production, as well as begin looking into other opportunities."

One more time, the schedule is going to take a hit. In addition, you now have an explanation for why there have been delays in this auditor's recent work. (Nothing detrimental, but a definite slippage in timeliness.) Further, it is hard to tell how implementing these programs will further impact the schedule. Ultimately, it should increase efficiency. But, in the short term, there may be delays and even cancellations.

How do you respond to each scenario?

Get a group of auditor leaders together and these scenarios will engender some intense discussion. There are a lot of issues on the table and, if this were part of a seminar, I'd set aside at least one hour for cussing and discussing. But I'm heading to one particular point.

To begin with, if you shudder at the thought of any of these scenarios — if you see auditors stepping outside their boxes and taking liberties that should not be taken — or even if you think, "Well, these are nice ideas, but we'll all need to talk about whether this is the right direction for our department before taking any further action," then you have a problem. It is probably safe to say that creativity and innovation are crushed in your department before they can even make an appearance. Warning: More than likely your department is stagnating and you may want to start perusing the want ads.

But let's move on.

The three scenarios represent increasing degrees of freedom that might exist in audit departments. In the first, we see an auditor willing to explore new things. However, Auditor No. 1 wants to make sure everything is okay before moving forward. Is it good that the auditor asked permission to move forward? Maybe. I'm glad this individual is willing to explore, but …

Compare that to the second person who has actually taken steps to learn something new. That is a good thing. However, what opportunities may have been lost by not asking for additional time to do that research in the first place? It might have been better if Auditor No. 2 had asked earlier and been given the time to move the project along more quickly.

And then there is Auditor #3. I'm guessing many of you didn't like this approach. However, is it necessarily a bad thing? The auditor's excitement and inquisitiveness has driven this individual to explore new areas and come to you with solutions in hand. This auditor probably feels she has the freedom to move forward with an eye on any prize she thinks has value.

There is no right answer for any of these scenarios. But your reaction will speak volumes about the freedom you are giving your audit staff. (And, as an internal auditor, your expectations regarding the reactions you might receive from your leaders will speak volumes about the people for whom you work.)

But here is the fun part. The sooner you allow people the freedom to explore, the sooner they will return that trust with results. When I first came into internal audit, I was lucky to work for leaders who allowed me a lot of freedom. Yes, I was trained, but I wasn't forced down a path. And I believe this approach was part of the reason I was willing to explore and take the chances I did throughout my career.

Which brings us back to Durango.

Let's be honest. When I held that conference, I overstepped my boundaries. I went beyond the meadow. And it is only many years later, speaking with my then associate vice president, that I've learned I may have been in more trouble than I knew. (Note that this was not an isolated incident, but we can swap such stories later during happy hour.)

But I think I got away with it because of success. I succeeded with that venture, and I had succeeded with other ventures in the past. Our chief audit executive was fond of saying that a co-worker (Paulette Keller, to drop a name) and I were "creative, but dangerous." We bore that badge proudly because it showed we were trusted to explore, and we were trusted to do so in a way that would not damage the department or the company.

How many people do you have on your staff who are creative? How many do you have who are dangerous? Or do you even know the answer because you have tried to control the danger (and by default, the creativity) by keeping your staff fenced in a meadow that is smaller than it should be?

And how many good people have you lost because that meadow was too small? And, again, do you even know the answer to that last question because you never let them to do more than feed in the tiny meadow you allowed?

I started last week's blog post by implying that I was talking about management. And, when you talk micromanagement, well, it's in the word. But this has all really been about leadership. Good leaders lay out a future and then allow those they work with to achieve that vision. And good leaders know that can only happen when they trust the team with a large, spacious meadow.

And one more thing. If you haven't been to Durango, plan your trip today. You won't be disappointed.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.

 

 

Comment on this blog post

comments powered by Disqus
    • CIA-September-2021-Blog-2
    • Your-Voices-September-2021-Blog-3