​​You Must Be This Tall to Ride This Blog Post

Comments Views

My family is a group of roller coaster fanatics. For my wife's 50th birthday (a few years ago – I will be a wonderful husband and not tell you how many) we went to Ohio, Pennsylvania, and New Jersey to hit some of the major amusement parks. The theme was "50 Coasters for 50 years." In a week and a half, we road 65 coasters. My daughter called it "The Puke Tour." 

The family's addiction started very early. I still vividly remember the few instances where my daughter, at that time taller than my son, could ride some rides he could not. It took interesting negotiations to survive those calamitous times. One year the solution was to put him in cowboy boots and spike his hair. Just tall enough to pass the bottom of the "You Must Be This Tall" sign.

That height restriction makes for a special club. Not necessarily an elite club; that would imply it is hard to become a member. No, there are a lot of people in the "Tall Enough to Ride" club. But it is a special club nonetheless. And it is a rite of passage to join that club.

Thank goodness there are no height restrictions when people want to participate – as a member or a client - in the adventures of internal audit.

And, to that statement I say, "Oh, if it were only true." (I originally had a shorter, more expressive reply prepared, but felt the powers that be might not appreciate such language.)

We claim we greet all comers with open arms. We claim to welcome the business as it explores ways to strengthen operations. We claim we want to be an incubator of talent by embracing those who would come to internal audit to learn more about the profession and the organization. We claim our desire is to be a partner with the business and we beg for acceptance within the organization.

And then, from the other side of our mouths, we obfuscate and confuse and use our knowledge of control and risk and process to build a priesthood of specialization that hides behind an idiosyncratic reporting structure and uses an arcane and obscure language, all driving a wedge between internal audit and the organization.

Okay, I know I am overstating things; I use hyperbole to make my point. But I am afraid that, for many audit departments, my hyperbole is closer to the truth than any of us want to admit.

Here are some tests.

When you talk to auditees, how often do you use the phrase "mitigate risk"? (And, while I'm at it, to their face and behind their backs, how often do you call them "auditees"?) How many other phrases do you use that are based on the cloistered language of "Auditese"?

When someone asks what the department does, do you answer in a way that can only be understood by someone who has sat for at least two parts of the CIA exam?

When hiring, do you look at internal candidates and dismiss them because, while they have great leadership abilities and an excellent knowledge of the organization, they do not have accounting or audit or some other experience you have deemed "too important to ignore"?

Does your approach with auditees (there it is again) reveal you as a department that tolerates them rather than works with them? (One time, an auditor literally said to me "This job would be so much easier if we didn't have to put up with the auditees.")

Have you ever told a client that they had to comply with your requests because of the internal audit charter and you would tell on them if they didn't?

Have you ever said, with a glint of retribution in your eye, that you respected the individual's opinion but you were going to go ahead and report it the way you saw it?

Ultimately, do you build an approachable department that speaks a language that any business person can understand, an approachable department that any business person would welcome partnering with?

Final question.

​How tall does someone have to be to work with your internal audit department?

​The opinions expressed by Internal Auditor's bloggers may differ from policies and official statements of The Institute of Internal Auditors and its committees and from opinions endorsed by the bloggers' employers or the editors of Internal Auditor. The magazine is pleased to provide you an opportunity to share your thoughts about these blog posts. Some comments may be reprinted elsewhere, online or offline.



Comment on this article

comments powered by Disqus
  • IIA Quality_July 2020_Blog 1
  • IIA Online Testing_July 2020_Blog 2
  • IIA Training_July 2020_Blog 3