Overcoming the 5 Classic Myths About Internal Auditing3 min read

Reading Time: 2 minutes

In a recent article, Richard Chambers, IIA CEO, identified the following “Five Classic Myths About Internal Auditing

  • Internal auditors are accountants by training.
  • Auditors are nit-pickers and fault-finders.
  • It’s best not to tell the auditors anything unless they specifically ask.
  • Internal auditors follow a cycle in selecting their audit “targets” and use standard checklists so they can audit the same things the same way each time.
  • Internal audit is the corporate “police function.”

These “myths” are spot on.  But how do we overcome these myths.  It is not easy, but here are some of my thoughts:

Myth #1 Internal auditors are accountants by training.

To overcome this myth, create a diverse staff.  Hire individuals with diverse backgrounds.  Hospital auditors do it all the time.  Many have Registered Nurses on staff who perform anything from billing and coding audits to hospital operation audits.

Train alongside your clients when possible.  Your clients train to become better at what they do.  So should you.  While audit specific training is definitely important, so are your client’s specific tasks.  For example, if you are an auditor for a trucking company, occasionally ride along with drivers or consider learning how to drive a big rig.

I am currently in higher education.  Upon entering the industry, one of my first tasks was to enroll in a course.  I need to experience our services as a customer.  This “on the job training” was very valuable.

Myth #2 Auditors are nit-pickers and fault-finders.

Well, part of what we do is to evaluate environments.  The focus is on preserving, protecting and continuous improvement.  We must communicate this in our actions.  Therefore, it is important to prioritize projects and issues we present to management.  Keeping the end goal in mind (i.e. the betterment of the organization) can help reduce this myth.

Myth #3 It’s best not to tell the auditors anything unless they specifically ask.

This helps none in the long run.  It is up to us to build a relationship based on trust and respect so that our clients can have honest and open dialog with us.  This is one of the hardest myths to overcome because there is no quick solution.  We must develop our soft skills and use them effectively.

Myth #4 Internal auditors follow a cycle in selecting their audit “targets” and use standard checklists so they can audit the same things the same way each time.

This perception/myth can be broken by simply changing the way we audit.  If the audit plan includes the same areas, then our clients will believe myth #4.  To overcome this, do something different.  Get out of your comfort zone.  Try auditing something in your organization that you have never touched before.  For example, try auditing your organizations social media strategy and operations.  This is a fairly new risk facing many organizations.  An audit done right in this area can disprove myths 1 and 4.

Myth #5 Internal audit is the corporate “police function.”

Shattering this myth is easy.  This is probably the only easy one on the list.  Simply put, check your attitude.  Present yourself as a collaborative partner through your actions and you will become one.

Any thoughts?

Robert Berry (103)

Robert (That Audit Guy) Berry is a risk, compliance and auditing advocate, educator and innovator. He helps good professionals become better by creating articles, web services and training that allow them to expand their knowledge network.

5 thoughts on “Overcoming the 5 Classic Myths About Internal Auditing<span class="wtr-time-wrap after-title"><span class="wtr-time-number">3</span> min read</span>”

  1. Patrick Elliott

    I working in DuPont’s Internal Audit department a few years ago and one of the ways we worked with the business was when systems were being built & installed. A member of Internal Audit would work with the Project Team and advise them where controls should be included in the system. Very proactive auditing in my opinion.

  2. Jim McClanahan

    Robert, a thought that helps with #2, 3 and 5. During the stage of identifying risks, you usually ask the responsible party “what do they worry about going wrong that keeps them up at night”. If this perspective is taken, then this should help the internal auditor to be viewed as an ally of the responsible party by helping them identify and implement controls that protect their responsibilities and, ultimately, their performance ratings and their jobs.

  3. Jim,

    I could not agree more. In a recent article I described my thoughts on Building credibility with audit clients (http://www.thatauditguy.com/building-credibility-with-audit-clients/). I think we must have a sincere interest in our client areas to truly be effective. Clients can tell when we are really concerned about their operations versus just “doing a job”. I truly love what I do because I get to learn and teach daily (continuous growth). I believe my clients see this and we form good working partnerships.

  4. One of the most effective ways I’ve found to overcome #3 is to ask the auditee to think of me as a new worker they are training, to emphasize important steps and explain why things are done in a certain way.
    That helps them open up and share more information than just the question I asked.

Leave a Comment

Let's Keep in Touch

Never miss a podcast, product or exclusive offer.

You may even win FREE CPE

Scroll to Top