To give your sheep or cow a large spacious meadow is the way to control him.
— Shunryu Suzuki
For this one, let's talk to the supervisors and managers in the crowd. (And to the future supervisors and managers. And to people who used to be supervisors and managers. And to people occupying even higher positions. You know what? Let's talk to everyone.)
Here is what I believe to be a basic truism for supervision, management, etc. Success for the individual and for the department comes from allowing people the freedom to do their jobs, including the freedom to do their jobs the ways they find work best. That is why the above quote from Suzuki resonates with me. I believe success comes from giving people a very large meadow.
However, there seems to be a reluctance on the part of internal audit leadership (at all levels) to allow audit staff such freedom. "Nay, nay," you say. "We have no such issues in our department." OK, then ask yourself, are your auditors allowed to change a test, change an audit objective, change the audit, cancel the audit, explore new audit techniques, use new tools, suddenly spin off on new projects (during an audit, during quarterly planning, during annual planning, out of thin air) for no apparent reason other than it seems like a good idea at the time?
We'll get to the second part of the above list in a bit. But let's look at the first few items. When you started reading that list, you probably were thinking, "Why, of course we allow such changes … as long as they are appropriately discussed and vetted."
Which begs the question, why do you not allow the auditor — a professional you have hired because of, among other things, critical thinking skills — to execute navigational changes intended to make the audit more effective? Why does there have to be constant scrutiny, to the point that each and every step of the audit, change or no change, must be reviewed and approved?
Why do we feel the need to hand-hold internal auditors — internal auditors of every level — throughout the audit process? (And with that, our first whiff of the brimstone-laden phrase "micromanagement" makes its appearance.)
We are a very risk-averse profession. To illustrate, here's a current, weird example of two opposite reactions internal auditors have to the same event. (And, so as not to get into a philosophical imbroglio, I will not state my opinionated views on the following subject.)
I have spoken with auditors who did everything they could to get the COVID-19 vaccine as soon as possible believing it was the appropriate way to mitigate what they saw as a serious risk related to the effects of the disease. I have also spoken to auditors who held off on getting vaccinated because they wanted to mitigate what they perceived as a serious risk related to issues that might still exist with the vaccines.
Two different reactions — potentially overreactions — to different risk aspects of the same issue. This proclivity toward risk aversion results in our profession laboring under what I believe to be its No. 1 fear, loss of control. (No studies to back this up. It's just something I believe based on observation. Don't agree? Let's take it outside to the comment section.)
Which leads to an interesting and sometimes nearly fatal approach to our work: the fear that we will lose control, we might make a mistake, and/or we could be wrong results in our inordinate and possibly unnecessary reliance on oversight and (dare I say it) micromanagement. Rather than giving people Suzuki's metaphorical larger meadow, we use short leashes to tie them to stakes in the middle of that meadow.
I further believe (again, nothing to back this up except personal observance) that this fear of losing control results in our profession being comprised of some of the worst micromanagers in existence.
Let me tell you a story.
A number of years ago our department was involved in team-building exercises. We were split into three teams who were trying to accomplish involved tasks. We were randomly assigned positions — workers, supervisors, and managers — and provided separate instructions on the ensuing roleplay. (I'm still questioning the "random" part since I, as a manager, wound up with a "worker" position. But I've gotten over it, honest.)
The exercise started and, in short order, one of the "managers" (who in real life was a supervisor), was harping at us about how much time was left, how we might do the job better, and, in general, playing the perfect role of the micromanager. In fact, he was playing it so well I assumed it was part of the background that had been provided prior to the exercise — the role he was to play.
During the debrief I brought up his approach and the negative impact it had on the team's ability to accomplish the tasks. I asked if it was part of the background information he had been provided. He looked a bit flummoxed and ever-so-slightly chagrined and explained that, no, such an approach was not part of his instructions; he was just trying to make sure we got it done right and on time. Later, I spoke with his actual manager and discovered that such an approach was exactly the one he used in all work situations.
A show of hands. How many of you have worked for this guy at some point in your career? One, two, three, 10, 30, I think we've got a majority, a sweeping mandate, a nigh-on unanimous vote. OK, honesty time. How many of you take actions that might be considered micromanagement? Hmmmm, not seeing many hands this time. Seems unlikely.
Let me tell you another story.
Quite a while ago, I wrote a piece for Internal Auditor magazine about micromanagement. In that piece I actually spoke, circumspectly, about one of the two associate vice presidents (AVPs) with whom I was working — a chronic micromanager. After it got published, AVP1 walked up and said, "Does AVP2 know you were talking about him?" Two days passed and AVP2 walked up. "Does AVP1 know you were talking about him?"
For the record, I was talking about AVP1, but that is neither here nor there. Rather, it speaks to self-awareness, or the lack thereof. And it speaks to the need for each of us to more closely inspect the way we work with those we are in charge of — the need to honestly determine if we are allowing them the freedom to get their work done or are clamping down in an effort to ensure perfection.
Do the stories and anecdotes prove internal audit's penchant for micromanagement? Not in and of themselves. But, if you examine your experiences, if you look closely at some of our own actions, if you review the policies and procedures your department has put in place, you will see the signs of micromanagement. And even a little micromanagement can cause a lot of trouble
By acting insecure — living in fear that we will do something wrong, cowering in the belief that we are not allowed to make a mistake, trembling in dread that we might make a single error, and sure that any infraction will erode our client's confidence — we micromanage our work, striving for a perfection that is impossible and unnecessary.
And so we review everything, and we stick to the plan, and we don't make any changes until it is run through the chain of command, and we micromanage. And the entire time we are keeping the auditors tied to a stake using a short leash as they long for the open meadow before them.
And here's the funny part about the above. None of it is what I originally planned on talking about; none of it is why I included the Suzuki quote. I got sidetracked from the real sermon I wanted to preach. But I see everyone looking at their watches, the collection plate already passed, the benediction read, the potluck ready to be served, and nothing left but the singing of "Nearer My Finding to Thee."
So, next time we'll talk some more about that metaphorical field that represents opportunity. And we'll talk about the fact that, even when we don't tie auditors to the stake, we still place the fences too close.