Embarking on the path to success in internal auditing requires a steadfast commitment to continuous improvement and the cultivation of knowledge, skills and expertise. This journey toward excellence necessitates the harmonious integration of People, Process and Technology (PPT). As dedicated professionals, it is imperative that we steer clear of following seven deadly sins that can compromise the integrity and effectiveness of our internal audit function.
So, what are the seven deadly sins of internal auditing? Let’s explore:
- Publishing an Erroneous Report
- Conveying accurate information is paramount to upholding the reputation of the internal audit function.
- Even the slightest error in a report can be detrimental, compromising the essence of our findings.
- Example: Reporting variances without auditee agreement or presenting observations without verifying corresponding numbers.
- Submitting Incomplete or False Working Papers
- Trust is the bedrock of any audit; submitting incomplete or inaccurate paperwork erodes this foundation.
- Upholding trustworthiness and delivering high-quality work is non-negotiable.
- Example: Presenting a report or finding with incomplete information, leading to erroneous conclusions and questioning the audit’s reliability.
- Losing Your Temper with a Client
- Maintaining composure during challenging interactions is a hallmark of professionalism.
- Being composed is crucial for staying focused and avoiding distractions over inconsequential matters.
- Example: Demonstrating frustration during an audit meeting due to disagreements.
- Auditing with an Agenda
- Objectivity and impartiality are cornerstones of effective auditing.
- Maintaining neutrality, even when the auditee is a close friend, ensures fair reporting.
- Example: Failing to report a finding to protect a friend’s reputation or highlighting a minor offense instead of a major finding.
- Betraying a Bond of Confidentiality
- Safeguarding confidential information is paramount, as trust is built on discretion.
- Disclosing sensitive audit findings to unauthorized individuals can have severe consequences.
- Example: Inadvertently sharing confidential audit information or succumbing to requests for gossip from auditees.
- Violating Company Policies
- Adhering to company policies, including travel guidelines, is a testament to professionalism and maintains auditor independence.
- Violating policies can lead to repercussions and erode trust in the face of fraud or misconduct.
- Example: Submitting false bills for claiming allowances constitutes both unethical behavior and a violation of company policies.
- Issuing Internal Audit Reports that Lack Value
- Audit reports are a catalyst for business process improvement, not a platform for fault-finding.
- Avoid investing time in inconsequential details; focus on providing valuable insights.
- Strive to offer careful and constructive recommendations that resonate at all levels of management.
- Remember: Our recommendations are a pivotal driver of positive change within the organization.
By steering clear of these seven deadly sins, internal auditors can uphold the highest standards of professionalism and contribute meaningfully to organizational success. In doing so, we fortify the foundation upon which the internal audit function stands, ensuring its continued relevance and impact.
About the author: Chidambaram Narayanan is a seasoned internal auditor with 16+ years of experience in accounting and audit. Specializing in financial and IT domains, he has worked in Fortune 500 companies across manufacturing, automotive, engineering, and retail sectors. Chidambaram holds the prestigious title of Chartered Accountant and is equipped with a robust set of certifications, including CISA and Microsoft Azure Cybersecurity suite (SC-200, SC-300, SC-400, SC-100, SC-900). In 2024, he was elected as a Board Member of ISACA Muscat Chapter.