Читать книгу Beyond Audit - Robert L. Mainardi - Страница 25

The first step in effectively market anything is to ensure you can define what it is you are trying to market. It is not possible to sell (market) a process to a business partner unless you can explain what it is that you are trying to get someone to accept. And if this process does not have a corresponding value to your partners, they will not want anything to do with it. Without any solid, detailed explanation, any potential business partner will not be interested in what you are selling. Got it? For auditors to be able to market their process, it has to be clearly defined.

What is the definition of internal audit? Well, there are two ways to define audit, and we are going to review both of them to ensure you have the correct perspective when speaking about the audit department. First, internal audit can be defined from the “book” perspective. Internal audit is an independent, objective process that can provide consulting services and process validation reviews focused on improving business operations and adding value. The focus for the audit department is to assist the organization's business units to achieve their objectives in the most efficient and effective manner with the least amount of rework. Internal audit is designed to partner with business unit personnel to facilitate a formal review process methodology to identify, examine, and evaluate the business objectives and corresponding risks, controls, and oversight within each operation. Now, that is what I call a comprehensive definition of internal audit! I know every person who sees this definition will want to immediately incorporate it into all of their internal audit marketing materials. The facts are stated and there is a clear definition and distinction of what audit is doing on a day-to-day basis to make every business process a world-class operation (and the envy of all their peers). If it was not clear enough in those last couple of sentences, that was sarcasm. Does the previous explanation define what internal audit represents? Yes, but unfortunately with these “book”-type definitions, it might only be clear to someone who has a baseline understanding of internal audit. For business personnel, while the explanation sounds official and uses the standard business terminology, it still might not convey the true objective of internal audit and how it affects the business units within the company.

While I believe the previous paragraph clearly depicts and explains internal audit's primary objective, it does not consider what I call the terminology gap when discussing key components of the internal audit function. As auditors, we can sit around a table and discuss risk and controls for hours and completely understand what each of us is talking about. However, the business owners and their teams are not familiar with these terms as it applies specifically to their own processes. This gap in an equal understanding of the internal audit foundational concepts creates a basic misperception when business teams are trying to understand what internal audit is going to be examining in the day-to-day operations of the business unit. Internal audit must ensure all of the auditors on the team can effectively articulate the internal audit objective and the associated terms like risk, control, and oversight. While the Beyond Audit Objective, Risk, and Control methodology will be discussed in detail in Chapter 5, it is important to spend a moment discussing it here. As a member of the audit team, being able to understand and explain these three terms is crucial to communicating the internal audit objective as well as building a strong, honest, and upfront foundation for the relationship with the business client.