including one “silver bullet” to help auditors and accountants make sure that companies get what they pay for.
by rick telberg
the coming decade may well redefine the role of the internal auditor in corporate governance, according to one widely followed expert.
“internal audit is getting more strategic,” dan swanson, a 26-year veteran of the profession and a former director of professional practices at the institute of internal auditors, told me. “it’s not seen as strictly a policing function as it was 10 years and 20 years ago.”
swanson sees accountants in internal audit becoming “more involved in the overall business and the strategic direction of the organization.” he sets out a new, expansive and challenging role for internal auditors.
this new role for internal auditors requires a new set of priorities and principles, which swanson lays out in a new compilation of his writings, “raising the bar.” he calls on auditors to dig strategically into a dozen make-or-break areas for many organizations, including:
1. risk management — “to my thinking, erm (enterprise risk management) is a silver bullet for improving governance and organizational results because it identifies your key objectives.” swanson says in his new book, “it is time for organizations to take erm to the next level.”
2. the top three most significant business initiatives — swanson has long pushed the auditing profession into examining a company’s top information technology efforts. but he’s expanding the scope of his concerns. “i now firmly believe,” he says, “in auditing the three most significant business initiatives.”
3. business continuity and disaster recovery — both, of course, are probably already on most people’s top ten worry lists. “the problem is that they always rank in the bottom half,” swanson says. “it is now time to ensure that the efforts are truly operational.” it could be one of the best investments any organization makes.
4. information security — swanson suggests a “very simple test:” is it on your board’s agenda?
5. grc — by whatever terminology you use — organizational governance; corporate governance; performance accountability; governance, risk and compliance – “internal audit should provide an opinion regarding the overall governance regime.” and these days, it’s essential to include social responsibility and sustainable development issues.
6. ethics and compliance — both are getting “enormous attention and funding” these days, but who’s minding the spending and the effectiveness if not internal audit?
7. records management — it’s not always a job for internal audit. but, swanson says, “if your organization has not started upgrading its records-management program to reflect today’s regulatory requirements and technological capabilities, then the organization is at risk … there is nothing worse than the legal nightmare of having a policy and not following it.”
8. the quality of enterprise information for decision-making — “the assessment should include the quality and completeness of the information, as well as the assumptions and analysis,” he says, predicting, “information management will become more critical every year.”
9. the anti-fraud program — internal auditors must be involved in assuring top management and the board that the right efforts are in place and working properly, he says.
10. it efforts — few areas can turn into a money pit as quickly or easily as it.
11. ad hoc requests from board members and top executives — by including internal consulting and assurance projects on the list, swanson makes the case for a customer service philosophy in the internal audit function. “it lets the board and management know that internal audit is responsive to the board’s needs.”
12. process management and continuous improvement — swanson’s last — but not least — audit priority focuses on improving organizational performance. in some companies it might be called six sigma or a corporate-wide quality-management effort. to swanson, every company needs one, and every program should be subject to examination by the internal audit department.
clearly, swanson sees an expansive and strategic role for internal audit. “it is time,” he says in the book, “for executives to lead, managers to manage, boards to govern, and auditors to provide assurances that things are as people say they are.”
it’s not just checking expense accounts any more.
3 responses to “the 12 priorities of top performers”
don turnblade
i liked the connection between six sigma and audit. for the style of six sigma used by ge requires that an audit of projected cost savings generated by a six sigma effort must be made as part of its process.
i think it is about time that audit began to take up the audit roles that it has been invited to work on. while audit should never do all things. the world moves and so must audit move with it.
crooked e, did fudge its books. the board new that it did this and failed in its task. more than 1/2 the business wealth of worldcom was lost before its internal audit units even began to detect the size and scope of the problem. by, then, the big shush, was justified to prevent the loss of the other 1/2 of value.
can we really blam audit for a desire not to tell ourselves the truth? by worldcom’s numbers, audit can prevent us from loosing the other half our minds without a warning. but, is not the real question how should we prevent loosing the first half of our minds in the name of insane greed?
we want drive; we want vision; we want entreprenuerial audacity. we need to skip lying; we need to skip organizational self delusion; we need to skip friendly fire incidents against ethics.
but, the quote below, by a founder of the usa, a founder of the new york stock exchange and our first constitutional us president show how far things really have moved. but, is all of that change for the better?
“of all the dispositions and habits which lead to political prosperity, religion and morality are indispensable supports. in vain would that man claim the tribute of patriotism, who should labor to subvert these great pillars of human happiness.” — george washington.
dave baldwin
this was an interesting and insightful article. thank you for writing it and keeping us accountants up-to-date on so many issues.
dave baldwin
sox internal audit manager
commscope
james r. mccourt
internal audit was a dead entity until sarbanes oxley can in. it’s a waste of time and money as management is responsible for the performance of the company. ia would not of caught the big frauds of the 2000 2006 periods. remember company’s published proforma information and the business accepted it including the sec. some of the accounting gurus called this the “numbers before the bad news”. all that matters is eps and growth . if those are to expectations than the world is good. ia did not save gm and any risk management program would have been useless i.e. the first guy to suggest that market share risk would be a drop from 60+ percent to below 40 would have been fired in 1980. gm was lost because of poor product design.
get back to basics as business is not as complicated as the world makes it out to be.
another example is the variety of different quality programs in the 70,80,90 and now. one could spend a fortune on implementing the different programs each decade and the program becomes the result and not the produce. ever remember the baldridge award and how many companies now trout this award.