Q: What do you get if you cross a wild, ferocious, man-eating tiger with an internal auditor?
A: A dull tiger.
OK, by a show of hands, how many of you are excited when you receive the audit engagement letter or regulatory exam notification? Do you mark the dates on your calendar with the same enthusiasm with which you block off your two-week mid-winter Caribbean vacation?
Given what I've observed over the years, I think not. I am here to suggest that we can and should embrace those individuals entrusted with auditing and examining our Organizations--and, no, I have not lost my good sense.
I recall my days as a bank auditor, when my arrival on site appeared to suck the joy right out of the room. Mind you, in hindsight I can humbly admit that the process owners certainly knew their craft far better and more realistically than my well-studied audit manuals could have prepared me. And while I and many of my fellow auditors throughout history have long sought to conduct dispassionate audits with collegial objectivity, management frustration often bubbled just below the surface, bursting forth as certain numbered comments touched unforeseen raw nerves.
The passing of years witnessed my migration away from the internal audit function toward the risk management function via a brief passage through a regulatory agency. At each stage, I tried to bring all perspectives together into one cohesive approach to audits and regulatory exams. I do not believe that I am alone in this regard, as many Leaders more experienced than me have found themselves reconciling multiple facets of the audit/exam process throughout our careers.
What I find fascinating is how many otherwise well-balanced, seasoned Leaders bristle at the notion that they could learn from--let alone seriously consider--the noted exceptions or discussed observations during an operational audit or regulatory examination. The very same Leaders who would pay consultants handsomely to deconstruct and reorganize entire Divisions within the Organization, or who engage high-end vendors to supplant legacy technology with enterprise solutions, will balk at the suggestion that a professional committed to assuring the safety and soundness of the Organization would be any less committed to objective and sustainable improvement.
I am certainly not suggesting that we butter up, befriend or brown nose the independent auditor or government regulator charged with overseeing the thorough examination of our Organizations. I am suggesting that we, as Leaders, owe our Organizations a fiduciary duty to approach the audit/exam with an open mind and a willingness to accept that--despite our best efforts--our Teams could be performing one or more functions with greater care. Unlike the consultants and vendors we hire, our auditors and regulators are not primarily driven by a profit motive or to extract repeat business.
My first-hand experience with administering audits, especially those supported by early warning systems, was to (1) gain a better understanding of the operational processes; (2) identify remedies that had been made to previously-identified exceptions; and (3) offer best practice guidance and foreshadowing of regulatory effects that would impact the process owner's area of responsibility. Our Audit Team certainly wasn't there to one-up management or disrupt well-functioning operations.
On the Risk Management side, despite others' tendencies to view regulatory examinations as declarations of war against the various Organizations, I sought to assume the best intentions. Though it comes as a shock to some, I generally received what I had assumed: professional auditors/examiners (a) conducting objective assessments; (b) examining and documenting the sufficiency of mitigating controls; and (c) offering improvements supported either by industry best practices or foretellings of regulatory rule making. And although I had observed other Leaders come to blows in heated battle with examiners, I never found myself in that adversarial position.
We will all certainly continue to look forward to that two-week mid-winter Caribbean jaunt with much more excited anticipation than any audit or regulatory exam, but as Leaders we can certainly adopt a more collegial and consultative approach to those periodic and foreseeable occasions. You won't be disappointed.
No comments:
Post a Comment