Can Internal Audit Ratings Kill?
Internal auditors routinely rate their internal audit reports and their findings and recommendations.
This week I was provoked into wondering whether our approach to rating can actually kill! In turn I would like to provoke my audience and ask you what you think.
Given the desperately sad story concerning the Ofsted inspection of a school and the suicide of a teacher, I no longer believe it is appropriate to meander along and not consider the mental health repurcussions of our approach to rating the results of our work.
A coroner ruled that the fear of the grading of a school inspection contributed to the suicide of the headteacher. The process was described as “cruel and intimidating”. Once the inspection started, Ruth Perry’s mental health fell apart leading ultimately to her death.
Interesting that Ofsted are now re-visiting their approach to grading.
I certainly do not want to be part of a profession that causes agonising pain. Why would I want to hurt people that get out of bed to do the right thing. In my experience, most people that have been subject to my internal audit reviews did not get out of bed to do a bad job.
In deciding to rate or not to rate we need to be clear as to our organisation’s objectives in relation to the internal audit process. I strongly believe that the organisation should be trying to create a climate in which individuals are encouraged to do their best to build and maintain a well controlled environment that services the firm’s strategic objectives.
Our approach to rating should only been seen through this lens.
In deciding on our approach, we need to consider a trade off. A trade off between using rating to priortise the results of our work in the minds of time starved consumers of our product versus the cost of rating. These costs include mental health challenges and its consequences. These consequences could include a climate in which the fear of being audited leads to the failure to openly engage with the audit process and maybe even deliberately hide information.
So what am I recommending?
I am recommending that the powers that be, including the audit committee, take the time to regularly debate the nature of this trade off. Is the demand for prioritisation getting in the way of a good honest audit product and a good honest approach to doing one’s best to managing risk and control?
As a starter for ten, extreme care needs to be exercised with incentivisation mechanisms linked to the results of internal audit reviews.
Look forward to your thoughts.
Previously Head of Risk at Architas Multi-Manager Limited
9 个月I saw situations where people’s bonuses would be directly afffected by audit report ratings. The result was a lot of wasted effort arguing about ratings that diverted from addressing issues found. It also led on occasions to overall poor and defensive engagement. I had inherited this and was able to meet with AC Chair and get them to support a proposal to remove formal ratings on reports. It was still easy to make clear in executive summary plus Board and Committee reporting where there were material concerns. After people got used to this it worked and led to a far more open environment. Objectives for management were amended to reflect responsibility for appropriate internal controls etc instead of no reports of a particular colour.
Managing Director
9 个月I think that the education sector is a unique and challenging environment with many competing objectives and a continued real term reduction in resources. I think that a lot of the final messaging and results can be influenced by the approach taken during the audit and the engagement and compassion demonstrated by the auditors. I will leave if for OFSTED to determine the effectiveness (or otherwise) of their approach, but the first thing as auditors within a firm need to understand is the firm itself. Its objectives, risks, culture and processes. Without context and understanding, audits provides no value and risks demoralising and demonising the people working in challenging conditions.
Head of Compliance risk governance and monitoring at National Bank of Greece,Chair of the board at IIA Greece.
10 个月Yes, but on tbe other hand internal auditors should express an audit opinion. How an audit opinion is defined without measurement?
Senior Global Internal Audit and Assurance Leader I Audit Committee I Energy I Change Management I Transformation I Capital Projects I IT/IS & Systems
10 个月Good points well made in the article. It is often professional judgement not a science and agree with Malcolm Z., the colour is less important if the result is positive change for the business, control environment, organisation, system or process. Continuous improvement and managing risk should be the goal.