Jamming with Jason E33: Risk-Based Internal Auditing

Even though we have been using the term “risk-based auditing” for over 20 years, many internal audit groups have not really implemented it … and many mis-understand the concepts behind it.

In this episode I explain the challenges and opportunities facing internal audit as a profession and why moving to a truly risk-based approach is the opportunity for us to overcome those challenges. I also discuss the confusion with the terms objective-based, or risk management-based audit.

I’ve been preaching risk-based internal auditing for over 15 years and am consider one of the leading world experts on risk-based internal audit (and yes I wrote a book on this, frameworks, certifications and have trained internal auditors all over the world).

If you missed the webinar on Establishing or Improving a Risk-Based Audit Approach, you can now access it in the cRisk Academy on-demand library at: https://ondemand.criskacademy.com/p/establishing-or-improving-a-risk-based-audit-approach/

Join me for a deeper dive into Risk-Based Internal Auditing on the next webinar: Thursday, October 31, 2019 · 9:00 AM PDT. Register at: https://www.bigmarker.com/crisk-academy/Deeper-Dive-Risk-Based-Audit-Approach-with-Questions-and-Answers-Q-A

To learn more about how you can enroll in a new course and receive your Certified Risk-Based Internal Auditor (cRBIA) professional designation visit: https://ondemand.criskacademy.com/p/certified-risk-based-internal-auditor-crbia/

You can also save 60% when you register for the cRBIA course before 30 November 2019.

Transcript

1
00:00:00.989 –> 00:00:12.660
Welcome to another episode of jamming with Jason. Hey, hope you’re having a great week. So far I’ve had a really good week. Actually, this this last week I

2
00:00:13.620 –> 00:00:23.250
I did a webinar on risk based internal auditing and this is a topic that I’ve been been discussing. I’ve written the book cabal on and I’ve taught

3
00:00:23.730 –> 00:00:34.080
taught courses all over the world developed certifications around this and it’s really a topic that the more that I’ve been thinking about, and the more I’ve been trying to answer.

4
00:00:34.710 –> 00:00:48.750
people’s questions really see that this is something that we need to discuss again. So I’m going to talk a little bit about this today. Like I said, I did a webinar last week about that and I’ll, I’ll link up

5
00:00:49.770 –> 00:00:54.210
To that in the show notes. So you can go back out and actually take a listen to that.

6
00:00:55.650 –> 00:01:01.410
But let’s let’s kind of jump in and talk about risk based internal auditing.

7
00:01:02.130 –> 00:01:07.200
Now I know some of you, you know, as you’re sitting here kind of listening to this may be saying,

8
00:01:07.560 –> 00:01:15.780
On the hold on just a minute, Jason, you know, risk based auditing, we’ve been talking about that for for 20 years. Isn’t that old old news.

9
00:01:16.320 –> 00:01:23.400
Because a lot of people now are talking about objective based auditing or Enterprise Risk Management auditing.

10
00:01:23.970 –> 00:01:33.180
Well what many of us have been talking about for the last 20 years that we’ve been calling risk based internal auditing is actually the same.

11
00:01:33.720 –> 00:01:41.160
Or similar, but in a new packaging that some people now are trying to call objective based because here’s the deal.

12
00:01:41.670 –> 00:01:54.180
Risk Based internal auditing from the beginning was about helping to audit areas of risk and other things that again relate to kind of governance as well as compliance areas.

13
00:01:54.630 –> 00:02:08.970
That are those things that may stop the organization from meeting its objectives. Okay. And so this is at a high level, here we’re talking about objectives at the high organizational level.

14
00:02:09.450 –> 00:02:21.060
And the problem is and why some of these other terms have been coming up is because, honestly. A lot of people are not actually doing what was intended behind risk based internal auditing.

15
00:02:21.540 –> 00:02:28.530
And in fact, let me, let me give you a kind of an example, most of the time when I talk to people they fall into one of three different groups.

16
00:02:29.100 –> 00:02:35.550
There’s some internal lot of groups that say, you know what, we’re not even trying to do risk based auditing, we’re just really kind of a compliance shop.

17
00:02:35.970 –> 00:02:50.370
Or we’re just doing testing around internal controls over financial reporting, we’re not really kind of going there. Okay, great. You know, that’s, that’s fine. If that’s what you choose to do there is a group that is in in that particular area.

18
00:02:51.540 –> 00:02:59.190
There’s others that you know they’ve been doing a risk based approach. They want to improve or get better at it. And so they’re always trying to learn and figure out

19
00:02:59.940 –> 00:03:09.420
You know how to do this in a better way. Because again, a lot of people are not really doing this in depth, and so they’re still trying to figure out how to do it.

20
00:03:10.080 –> 00:03:23.160
The third group are people that think they’re doing risk base auditing, but actually are not. And again, in my experience, what I have found is a lot more people are in that latter group.

21
00:03:23.760 –> 00:03:33.300
They think they’re doing risk based auditing, but the things on their audit plan don’t actually tie back to the key objectives of the organization.

22
00:03:33.840 –> 00:03:39.210
And so I’ll go through and talk a little bit about it. And like I said, I’ll talk a little bit about it in the podcast episode. It’s a little bit

23
00:03:39.660 –> 00:03:50.580
harder because it’s just audio. So again, I would encourage you to go out and take a look at that webinar recording so you can get the visual side of this as well.

24
00:03:51.210 –> 00:04:00.330
Now why are, why am I talking about this. Let me, let me go through and explain some of the challenges that are currently going on in internal audit.

25
00:04:00.900 –> 00:04:08.820
And again, I don’t know if you’ve seen these in your particular organization. But again, having been in the industry for a long time.

26
00:04:09.360 –> 00:04:20.670
Coaching chief audit executives training internal audit teams all over the world. I see a lot of what’s going on and I really kind of keep my finger on the pulse of the profession.

27
00:04:21.120 –> 00:04:39.630
In here, some of the things that we’re seeing internal audit is still stuck in the historical weeds. So we end up very far down in the process or transaction level within organizations and often we end up focusing kind of on the wrong areas.

28
00:04:40.680 –> 00:04:48.660
Those areas that we may believe are high risk, but actually to our organization are not high risk areas.

29
00:04:49.110 –> 00:04:56.790
Now, by doing that. What this means is often management doesn’t actually think that we are adding any value.

30
00:04:57.390 –> 00:05:08.040
Because we go away. We do this great audit. It’s done all in accordance with the standards. We’ve got a beautiful set of work papers and all our report just looks wonderful. We’ve got nice

31
00:05:08.400 –> 00:05:15.060
Charts and other things on it and we take it to management and they look at it and they kind of roll their eyes at us and think, okay,

32
00:05:15.600 –> 00:05:26.100
Thank you. But that doesn’t really help me in doing what I need to try to do to help move the strategies to help us achieve our objectives as an organization, going forward.

33
00:05:26.730 –> 00:05:32.400
And so again we see this over and over again, there’s been lots of studies that have shown that management.

34
00:05:33.090 –> 00:05:45.780
management’s view of the value that we add is significantly different than what we think. In fact, it’s usually anywhere from 30 to 40 percentage points lower than the value that we think we’re adding

35
00:05:46.410 –> 00:05:58.950
Which is a problem because what that means is it’s actually coming back and internal audit is being downgraded in some organizations or made obsolete.

36
00:05:59.370 –> 00:06:05.250
You know, sometimes management or look at it and say, Well, I don’t even know why we have this internal audit group. They’re not really adding a lot of value.

37
00:06:06.300 –> 00:06:12.000
Why don’t we create a new group, they can do some of this stuff. And we’ll just outsource the rest of the things

38
00:06:13.020 –> 00:06:26.310
Or, like I said, being downgraded we’ve seen again across some companies where what used to be a vice president or a senior vice president job at an organization for a chief audit executive

39
00:06:26.940 –> 00:06:37.020
When that person moves on and they repost. The chief audit executive job they’re actually downgrading it to a director or manager level.

40
00:06:37.500 –> 00:06:47.400
Now what that means is that the managers in the organization. Don’t think that internal audit is adding value because they’re downgrading the position.

41
00:06:47.850 –> 00:06:58.380
Having it to report lower and lower in the organization. And honestly, it’s usually somebody that’s not maybe as technically competent that ends up filling that particular role.

42
00:06:58.830 –> 00:07:04.680
So again, that’s an issue that we’re trying to deal with. And the reason why I like to talk about risk based out of thing.

43
00:07:05.190 –> 00:07:17.310
Is it actually helps solve some of those challenges. Okay. Because there’s actually there’s an opportunity and I want you to remember this anytime that there’s challenges.

44
00:07:18.120 –> 00:07:26.280
There are opportunities. Now you can choose to, you know, cry about the challenges and stomp your feet.

45
00:07:26.700 –> 00:07:44.070
Or you can actually take advantage of it and try to to move into those opportunities. So those challenges mean that we have an opportunity to align our efforts better with management so that management, actually.

46
00:07:44.820 –> 00:07:57.000
Views us as adding more value. Now, one of the ways that you can align your efforts with management is to focus on helping them to achieve their objectives.

47
00:07:57.390 –> 00:08:02.430
Which again is the basic you know purpose behind risk based auditing from the start.

48
00:08:02.970 –> 00:08:12.750
And. But again, the problem is most of the time we’re stuck down in the weeds auditing process and transaction level things from a historical nature.

49
00:08:13.110 –> 00:08:24.360
That most of the time, don’t help those managers. Now, if we want to be seen as a trusted advisor and adding value. We have to do more to actually help the organization.

50
00:08:24.810 –> 00:08:43.410
achieve its objectives, but by doing this, it allows us actually to be much more proactive and less historical in what we’re actually doing as well. OK, now let’s let me. I won’t get into kind of my whole story behind how I really kind of got to this point.

51
00:08:44.550 –> 00:08:56.850
But let’s just say, I’ve been on both sides of it, you know, being in charge of risk management compliance audit information security being a consultant being a trainer.

52
00:08:57.570 –> 00:09:04.980
Working in the JRC space and seeing how some of the other groups in the organization view internal audit.

53
00:09:05.490 –> 00:09:11.790
And that’s really kind of how I’ve gotten my perspective and see that unfortunately our profession.

54
00:09:12.150 –> 00:09:24.300
Is in a little bit of trouble. But like I said that provides us with these opportunities, but it means we actually have to start doing some things differently now.

55
00:09:25.260 –> 00:09:37.860
To get into that and kind of explain you know because sometimes when I talk to people, they say well you know I’m much more because of my background and my experience. I’m much more comfortable.

56
00:09:38.880 –> 00:09:47.760
Looking at processes, being able to take them apart. Look at the controls that are there and really be able to help make sure that from a process level.

57
00:09:48.150 –> 00:09:56.250
You know that we’re there. We’re doing a good job or, you know, I’ve got a finance background so I feel much more comfortable in the accounting area.

58
00:09:56.790 –> 00:10:07.650
And I, and I totally understand that but internal auditing is much more than just those limited scope areas. So let me, let me give you a little story.

59
00:10:08.820 –> 00:10:18.570
To help illustrate why this kind of happens and what we need to do different and I’ll share with you as well. A story from from my career.

60
00:10:19.410 –> 00:10:31.470
To try to help if you’re feeling that way how we can do things a little bit different. And then I’ll kind of wrap up with, you know, some different questions for you to ask yourself.

61
00:10:32.040 –> 00:10:46.680
To help you really see you know which of those three buckets are you in. Are you are you, you know, not doing it at all. Are you think you’re doing it, but you’re not really or are you at the point to where you’re trying to improve and incrementally grow.

62
00:10:47.850 –> 00:10:55.050
So the first story that I want to tell you is this. Actually, I’ve heard this is kind of a fable type of story but

63
00:10:56.040 –> 00:11:06.570
Having traveled a lot in the Middle East there there’s there’s kind of this character in the Middle East, called Gia ha or jihad. It’s kind of pronounced a little bit differently depending on

64
00:11:07.320 –> 00:11:16.980
where you’re at in the region, but one of the stories that I heard was about this man and and so he’s a fictitious character.

65
00:11:17.430 –> 00:11:26.310
And he’s kind of this wise, fool. Okay. And so he does a lot of foolish things but we learn wisdom from him.

66
00:11:26.760 –> 00:11:36.630
So very similar to like a SOPs fables and some of the other things that are out there in this kind of venue or vein. And so in this story.

67
00:11:37.110 –> 00:11:51.060
Joe haha is is wandering around, and he’s looking very, very panicked and he he’s he’s searching around, he’s looking underneath things you can tell that he is very

68
00:11:51.540 –> 00:12:02.280
Very anxious and very worried and one of his friends walks up to him and says john, my friend. It looks like you’re worried like, you are looking for something

69
00:12:02.820 –> 00:12:13.020
And he said, oh, yes, my friend. I, I have, I have lost my golden coin and you said what you lost your, your gold coin. Yes, I lost my coin.

70
00:12:13.440 –> 00:12:27.990
It’s been in my family for generations. So it has a lot of sentimental reasons for, for me, but it’s also made of gold and it’s worth a lot of money and I cannot find it. I need to find my gold coin.

71
00:12:29.010 –> 00:12:41.280
So his friend, of course, wanting to be helpful says, well, let me let me help you look for it. And so the two of them now are going around in this area, looking underneath everything trying to find this gold coin.

72
00:12:42.000 –> 00:12:52.740
And after a little while, his friend, you know, finally stopped and said, you know, Joe, how we we’ve we’ve looked all over the place and we cannot I we can’t find your coin.

73
00:12:53.700 –> 00:13:03.210
Where did you lose your coin and Joe. Hi. I looked at him and he said well over there any points you know not where they’re currently at

74
00:13:03.750 –> 00:13:17.130
And his friend looks at him and says, well, if you if you lost your coin over there, then why are we looking for it here and Jihad kind of shrugs and he looks up and he says there is more light here.

75
00:13:18.150 –> 00:13:31.650
And I, and I think that, you know, a lot of times, again, as auditors. I understand. I totally get that, you know, there’s some higher risk areas to the organization where we may not feel like the expert.

76
00:13:32.310 –> 00:13:43.050
And we’re afraid to actually look or go and try to understand some of these particular areas because we don’t really feel like we’re an expert.

77
00:13:43.740 –> 00:13:53.760
Well, let me tell you, we don’t have to be an expert to actually audit to actually be able to help provide some advice and insight to others.

78
00:13:54.060 –> 00:14:12.000
You know the outside perspective that we have asking the right questions. Seeing things from a different perspective can actually add a lot of value to people that again are usually stuck in the details of what they’re trying to accomplish. Now let me give you a little personal story.

79
00:14:13.950 –> 00:14:14.460
Excuse me.

80
00:14:15.510 –> 00:14:26.220
Somehow I made it all the way through high school, a bachelor’s degree and a master’s degree at university level, having never taken chemistry.

81
00:14:27.300 –> 00:14:33.390
Now, I took lots of physics. I always liked physics, much more than chemistry. And so I always chose

82
00:14:33.870 –> 00:14:42.270
To take physics classes or I had to take some biology classes for electives. But I never ended up taking chemistry in school.

83
00:14:43.050 –> 00:14:53.670
Now when you fast forward and I was a chief audit executive at one of the companies where I was at one of our major divisions was a chemical division.

84
00:14:54.480 –> 00:15:03.000
So here I was, I’ve got lots of business experience I’ve, I’ve worked with companies all over the world in all different kinds of industries.

85
00:15:03.390 –> 00:15:13.440
And I find myself now with one of our major divisions, being a chemical division and I probably need to audit something in that area. Right.

86
00:15:14.130 –> 00:15:19.830
Now here’s the problem. Like I said, I didn’t have any formal training in chemistry.

87
00:15:20.370 –> 00:15:38.190
I understood the periodic table of elements from a physics perspective and other things like that that I’ve learned over the years and had a basic understanding of kind of chemical reactions but myself I was not an expert in chemistry. Now, if we had to go in and audit.

88
00:15:39.630 –> 00:15:45.900
That particular division. You know what it’d be good for me to say, well, you know, I think there’s probably some risks in that area, but

89
00:15:46.320 –> 00:15:57.360
I don’t really understand chemistry that well and I don’t have a PhD in chemistry. So we, we really probably can’t do an audit in there. So I’m just going to kind of

90
00:15:57.780 –> 00:16:16.650
Pretend or ignore like it. It’s not there, just like kind of that jihad character would do. Well, of course not. I can’t do that. But at the same time. Do I need to have a PhD in chemistry in order to be able to audit the operations of our chemical division. No.

91
00:16:17.670 –> 00:16:26.220
Did I need to learn more about chemistry. Yes, I did. And so, in fact, what I did was I

92
00:16:27.330 –> 00:16:40.920
Got on the calendar with one of our operations managers who happened to have a PhD in chemical engineering and I sat down with this man over the course of two days.

93
00:16:41.880 –> 00:16:51.030
And he actually explained to me in detail the actual workflow and the chemical reactions and everything that were happening.

94
00:16:51.510 –> 00:17:02.310
Throughout his plant to explain how the how the end product comes in the chemical reactions that were happening. And when those chemical reactions were happening.

95
00:17:02.610 –> 00:17:14.310
What the byproducts were what we were splitting out how we were capturing each of those different things. How we were adding other things into it. And at the end of the day it came out at the end.

96
00:17:14.910 –> 00:17:25.770
With our product, along with usually some other byproducts. And so again, having him go through and understand and share with me.

97
00:17:26.580 –> 00:17:35.100
What those things were provided me much better context, in order to be able to understand that particular area.

98
00:17:35.550 –> 00:17:42.510
Then I could actually ask him more intelligent questions about why we were doing things, certain ways, right.

99
00:17:42.960 –> 00:17:52.980
But it also helped me to understand where the key control points were from an operational perspective because we were looking kind of at the operational flow of the organization.

100
00:17:53.580 –> 00:18:04.980
Of that of the plant and where those important controls were that if we were going to go in and audit, what would be the things that would be most important for us to take a look at

101
00:18:05.580 –> 00:18:13.320
Now again, that’s just an example of if you feel like you don’t have the information that you need, or that you’re not really

102
00:18:13.650 –> 00:18:18.630
Knowledgeable or have the education in those areas. Then there’s a couple of things you can do.

103
00:18:19.050 –> 00:18:25.170
Either first try to go and get it like I did, by sitting down with this operations manager for a couple days.

104
00:18:25.560 –> 00:18:36.360
And learning about what it is. Go take a training course right you can do that or bring in someone else to be able to help you on a particular project.

105
00:18:36.690 –> 00:18:41.340
So again, that means you could bring in an outside consultant, maybe, who has experienced there.

106
00:18:41.910 –> 00:18:51.780
Or you could bring in someone from a different part of the organization who is knowledgeable, to be able to help you in under standing those particular areas right

107
00:18:52.170 –> 00:19:01.170
Because, again, we shouldn’t just shy away from those bigger risk areas, just because we don’t feel like we’re an expert.

108
00:19:01.500 –> 00:19:16.500
In that particular area. Okay, so that’s that’s one of the things again like I said that I’ve, I’ve seen a lot of people kind of shying away from and not actually going after or looking at some of those truly higher risk areas of the organization.

109
00:19:17.520 –> 00:19:25.710
Now, another one that I hear a lot of people talking about too is, you know, I don’t really know what the key objectives are, what the strategies are

110
00:19:26.070 –> 00:19:35.550
Or, you know, we don’t get invited to those meetings. We don’t know what they are. We don’t know what management is actually, you know, trying to do, or what’s top of their mind.

111
00:19:36.090 –> 00:19:47.790
Well, here’s an easy answer for you. Ask them. Okay. Now again, you’re going to have to develop your relationship with them so that they can trust you.

112
00:19:48.570 –> 00:19:52.950
But ultimately, if you want to find out what the biggest risks in the organization are

113
00:19:53.280 –> 00:20:01.740
There’s, there’s a few different places where you can go and look and like I said I got into more detail on this in the webinar, so I’m not going to kind of belabor the point here.

114
00:20:02.220 –> 00:20:11.820
But the fact is, there are some easy questions you can ask in some places where you can go to be able to start understanding very quickly.

115
00:20:12.600 –> 00:20:21.240
What really the biggest risks in your organization. To me it’s meeting its key objectives actually are.

116
00:20:22.110 –> 00:20:31.140
Okay. So with that, let me go through and just kind of talk about some different questions for you to try to ask yourself, because again, I know some of you.

117
00:20:31.890 –> 00:20:37.260
As you started listening to this, you’re thinking, oh, risk based auditing, you know, we’re already doing that. No worries, Jason.

118
00:20:38.010 –> 00:20:43.740
But as we’ve gone through and talked a little bit about this. I want to give you some questions for you to really kind of ask yourself.

119
00:20:44.490 –> 00:20:55.440
In. Be honest with yourself about whether or not you know depending on how you answer these questions on how much of a risk based approach. You’re really taking

120
00:20:56.160 –> 00:21:07.950
And I, and I told you at the beginning. I’m going to be talking more and more about this because, you know, many years ago I wrote a book I’ve actually been updating some of the content related to that. And I’m going to be

121
00:21:09.090 –> 00:21:17.460
Re issuing or re releasing some of that information, kind of in a deeper level course for people to be able to go through

122
00:21:17.970 –> 00:21:26.460
Because I know that lots of people have have questions about this and I want to be able to provide the answers and and honestly provide

123
00:21:27.030 –> 00:21:41.880
Answers in in the right way. And what I mean by that is, let me, let me give you a little example I help lots of people pass the certified internal auditor exam and in there. You know, I have to teach them.

124
00:21:43.110 –> 00:21:53.970
What is on the exam and and honestly, some of the information in there having, you know, Ben and risk management and dealing with that and dealing with the GR C.

125
00:21:54.600 –> 00:22:08.250
Industry for 15 plus years. A lot of the information in the exam when it comes to talking about risk management and some risk based audit or what they call a risk based audit.

126
00:22:08.970 –> 00:22:22.950
Is not very accurate at least again, based on my worldview and my experience as I said being both in internal audit, as well as outside of internal audit coming back and forth.

127
00:22:23.640 –> 00:22:31.500
And so, you know, by putting some of this new information together. It’s also allowing me to actually share with people.

128
00:22:32.610 –> 00:22:40.200
What really will help because, unfortunately, a lot of times when people are talking about risk based on it.

129
00:22:40.560 –> 00:22:46.860
They’re really just talking about traditional internal auditing that is historical and reactive in nature.

130
00:22:47.280 –> 00:23:04.110
And it’s all of those kind of things that are leading to some of those challenges that I talked about before. And if we keep going down that path. If we don’t do things different. Then we’re going to continue to be downsized outsourced and really kind of, you know,

131
00:23:05.130 –> 00:23:13.350
It won’t be good for our profession. Okay, so, so it’s an opportunity again like I said for me to be able to share with you.

132
00:23:14.100 –> 00:23:18.150
Some of these cutting edge things as they’re coming out and that’s I’ve been working on them so

133
00:23:18.810 –> 00:23:34.800
You’ll see some more information about that coming out very, very soon. As a matter of fact. So, so keep your keep your ears peeled for that. But I want to get into these questions to kind of wrap up this stuff now. So, you know, as you think about

134
00:23:35.820 –> 00:23:46.020
Your audit planning. So here’s the first question, do you start your audit planning with an audit universe or your organization’s key objectives.

135
00:23:47.580 –> 00:23:54.720
Now me ask that again, do you start your audit planning with an audit universe or your organization’s key objectives.

136
00:23:55.440 –> 00:23:59.340
Now, I would say again, for most of the people that I’ve talked to, they start with not a universe.

137
00:23:59.910 –> 00:24:11.010
And the way an audit universe is usually talked about is, it’s, it’s a list of all the processes or transactions streams. The locations. The, the different business units underneath each

138
00:24:11.310 –> 00:24:18.000
And you start with that as the basis for developing your audit plan that is not a risk based approach.

139
00:24:18.510 –> 00:24:25.560
A risk based approach actually starts with the key objectives of the organization and then goes down from there.

140
00:24:26.430 –> 00:24:34.860
Second question, can you link every project on your audit plan back to a key organizational objective.

141
00:24:35.550 –> 00:24:41.910
And again, this is how a lot of times I told you many people fall into that third category of thinking they’re doing it, but they’re not

142
00:24:42.420 –> 00:24:52.470
Because when I asked that question and I have people pull out their audit plan and they look at what’s actually on their audit plan, they are not able to link back

143
00:24:53.220 –> 00:25:02.040
Why they are doing those projects to a key objective that they are trying to help ensure that the organization is able to meet

144
00:25:02.730 –> 00:25:15.270
So again, that question. Can you link every project on your audit plan back to a key organizational objective. If the answer is no, you’re probably not doing risk based internal auditing. Now third

145
00:25:16.290 –> 00:25:23.820
When you deliver a report to management, are they appreciative of the feedback or do they roll their eyes and yon

146
00:25:25.170 –> 00:25:36.150
Now again, that’s kind of a hard one. But how much of the time when we issue an audit report is management excited so appreciative that they’re thanking you

147
00:25:36.750 –> 00:25:42.420
For being able to help them and and make things better. Is that how they’re reacting

148
00:25:42.960 –> 00:25:51.330
Or are they kind of rolling their eyes and thinking, oh boy. It’s the auditor again just wasting my time didn’t actually give me anything of value.

149
00:25:51.960 –> 00:25:57.300
And so again, if they’re rolling their eyes, more than they’re appreciating and giving you a big hug.

150
00:25:57.900 –> 00:26:09.870
Then again, maybe some of the things that you’re doing are not necessarily aligned with the efforts of management and likely do not tie back to key objectives as well.

151
00:26:10.320 –> 00:26:14.790
Now again I know I’m probably going to piss. A lot of people off by saying that but maybe you

152
00:26:15.600 –> 00:26:24.840
Can answer that in a little bit more detail just not particularly here because there are some other things that go along with that as well. But I’m just saying, kind of in general.

153
00:26:25.620 –> 00:26:36.810
The fourth one. Does the management team come to you for advice and ask for help. And, you know, that is really one of the biggest questions for people to

154
00:26:37.650 –> 00:26:46.440
To be able to answer to know whether you are a trusted advisor because again I know a lot of us like to think we’re a trusted advisor.

155
00:26:46.860 –> 00:26:54.720
But unless management is actually coming to you and asking for your input and your advice and for your help.

156
00:26:55.260 –> 00:27:05.550
Then I’ve got to tell you they don’t really see you as a trusted advisor because if they saw you as a trusted advisor, they would actually reach out to you for help.

157
00:27:06.180 –> 00:27:14.400
Now those are some questions you know for you to kind of think about. And like I said, again, there’s more information in that webinar that I did.

158
00:27:14.730 –> 00:27:22.440
And I’m also doing a follow up webinar that’s going to actually answer questions. It’ll be a live Q AMP a session.

159
00:27:23.130 –> 00:27:30.120
Where we can actually dig deeper into this particular topic. And so again, that’s good, that’s going to be on October 31

160
00:27:30.510 –> 00:27:45.090
And so I’ll leave information about that in the show notes as well. So check the show notes and you’ll be able to sign up for that free webinar on 1031 where we’re going to get into more detail about this now.

161
00:27:46.560 –> 00:27:56.790
With that, I just kind of want to want to close up saying, again, you know, I know some of today, what I’ve been talking about maybe some hard medicine for some people.

162
00:27:57.570 –> 00:28:06.630
May have ruffled some feathers and that’s okay. I’m okay with that because here’s the reality there are challenges in our industry.

163
00:28:07.710 –> 00:28:15.060
And instead of sticking our head in the sand like ostriches we actually need to change and do things different.

164
00:28:15.720 –> 00:28:24.210
But again, I don’t want us to just be focusing on the challenges because, as I told you to begin with. Every time there’s a challenge. There’s an opportunity

165
00:28:24.900 –> 00:28:36.810
And if you focus on the opportunities and take advantage of the opportunities that those challenges. Give us then life can be great. Okay.

166
00:28:37.200 –> 00:28:46.890
You can align your efforts with management, you can be seen as a trusted advisor, you can be more proactive.

167
00:28:47.340 –> 00:28:57.960
It can be done. I promise. It can be done. I’ve seen it done. I’ve helped people do it. It happens. Okay. And one of the biggest ways that it does happen.

168
00:28:58.350 –> 00:29:09.210
Is taking a truly risk based internal audit approach tying back to key objectives. Okay. So with that, I’m going to wrap up today.

169
00:29:09.930 –> 00:29:17.130
As I said, there’s lots of different opportunities you’re going to hear me talking a lot more about this. If you have questions, feel free to message or email me.

170
00:29:17.490 –> 00:29:24.990
And like I said, show up for that webinar on October 31 because you can ask your questions there live as well.

171
00:29:25.710 –> 00:29:35.250
And make sure to go back and listen to the recording of the webinar that I did this last week, which is also included in the show notes below.

172
00:29:35.850 –> 00:29:48.420
So with that, my friends go out. Have a great rest of your week, ask yourself some of these questions and start thinking about what can you do, what are the little steps that you can do to start helping

173
00:29:49.170 –> 00:30:02.190
Your internal audit group to move forward, be more aligned with the efforts of management be seen by as a trusted advisor and help you to be more proactive in what you are doing.

174
00:30:02.820 –> 00:30:10.740
So with that, like I said, Have a great rest of your week and I will see you on a future episode of jamming with Jason. Take care.

Please follow and like us:
error