Internal audit is inevitably getting stronger in its influence, while external audit gets hammered by too often letting directors get away with it!  Internal audit at its most simplistic is about ticking the regulatory and contractual boxes, with an occasional foray into the moral jungle.  It’s always responsive, never proactive.  Seen as a barrier, never an enabler for doing business.  It’s a costly irrelevance where life is easier to just roll-over and do what the auditor tells you, even if its counter intuitive or just plain absurd.  My train of thought started with Fluid Oil, an energy start-up that was located at a former refinery on the Thames estuary.  As the Board director with Health and Safety oversight, it seemed to me that Health, Safety and Environment in practice, was too often “no, you can’t do that”.  We would then begin a process of horse trading to find a solution, yet we never overcame the conflict between both sides of the same business, and especially so with the operators of the site who were clearly stuck in a 1970’s mind set.  All words and no action, and yes people still got hurt despite the rhetoric.  Ultimately, we were fortunate in another Board colleague taking on this role full time, and she was able to practice a less them and us approach, that brought results.

In a similar mode, I now am working with businesses large and small, with Governance and assurance.  All need some form of internal audit at a practical level, though the same combative mind set yet prevails, whether its FCA, digital security, HR, or their myriad counterparts.

In parallel we have a substantial effort put into business transformation and process improvement, where due reverence is given to internal audit and compliance, but a level of conflict remains or is at least perceived.  Is it now timely as much of the world looks to new work-from-home practices and simplified operations, to blend internal audit with transformation?  To use the short-term interactions with a business for ‘audit purposes’, those interactions practically shaped by strategic need, functioning as an enabler over a barrier.  Going back to my Health and Safety example, being proactive and leading finding of a solution to a given challenge.  By blending ‘being compliant’ with ‘strategic objectives’, at a stroke removes opportunity for internal conflict and plants compliance right to the heart of how a business evolves. Business morality is now evidenced by truly integrated and evolving compliance, not superficial and often politically compromised validation exercises that convince of we are ticking the boxes, even when we are clearly not. For the moment, lets call this Transformation & Audit (T&A) as a working title.

Leave a Reply