5 best practices for public sector auditors
Auditors are responsible for providing independent assurance that an organization’s risk management, governance, and internal control processes are effective. They can provide oversight beyond the financial implications, looking at the organization’s operations at large, including reputation, employee treatment, and environmental impact. When working in an open and collaborative environment, auditors have the opportunity to not only identify problem areas, but also to provide strategic insights that will propel the organization forward.
In many organizations, however, that open collaboration doesn’t happen—there’s a disconnect or lack of trust between the audit function and the rest of the organization. In that case, auditors may not receive needed documents for their audits easily, and they are often left out of understanding how other organizational units make their key strategic decisions which is helpful information for an audit. They can’t always get access to the data they need to generate reports and strategic recommendations. They’re left flying blind, and the rest of the organization may see them as an unnecessary irritation, rather than as a source of knowledge.
Fortunately, Dan Clark, principal of D. Clark Risk Advisory Services, has provided us with 5 recommended methods for closing the gap between audit and the rest of the organization.
Best Practices for Public Sector Auditors
Here are five best practices for auditors to close the gap:
1. Build Solid Work Relationships with Stakeholders Across the Organization
Almost half of respondents to a poll conducted by the Institute of Internal Auditors (IIA) in 2020 said that the biggest barrier to building alignment between internal audit and business functions was a lack of ongoing communication (45%), followed by a mistrust of internal audit by business functions (22%) and a lack of clear lines of process ownership (21%).
In many organizations, roles and responsibilities aren’t clearly articulated, and divisions don’t collaborate enough to understand priorities, leading to miscommunication and duplication of labor across departments.
But some auditors have come up with creative ways to address these issues. Dan recounts the story of an auditor named Deb, whose process teams struggled with communication. She decided to host a pizza party for all of the teams—it was the first time everyone had been in the same room in three years.
During the gathering, they discussed their own roles in the audit process and began openly communicating about how to work together to solve problems. The pizza party was so successful that Deb made it a quarterly event that focused on issues impacting their day-to-day operations. The organization saw a sizable increase in cohesion among staff, and audits began running faster and more smoothly. Since then, Deb has been promoted to operations manager.
While a pizza party isn’t always feasible (especially during a pandemic), look for opportunities to bring together different functions in a casual roundtable setting. Host an online workshop and invite a guest speaker to discuss a current regulatory issue that your team members will be interested in. On an ongoing basis, consider using your intranet or a knowledge-sharing tool to ask and answer questions across departments and to facilitate ongoing discussion. By building a culture of collaboration across everybody involved in the audit process, you’ll be able to easily share insights and improve the audit process for everyone involved.
2. Evolve Collaboration Through New Audit Tools
In today’s highly regulatory environment, auditors should be on the front line from the beginning, working with the risk management and compliance teams to build a strategy for assessing and managing risk. However, it’s often a challenge for auditors to have their voices heard.
The solution comes down to creativity. In one case study, credit risk review officer Scott wanted to prove his division’s value to the organization and get other teams to better understand the auditing process. In order to do so, he was able to convince leadership to have all new loan officers spend their first 30 days working in credit risk review. This helped them see what the audit team did and how they did it and gave them a new perspective on this function. He also spearheaded educational content, including quarterly workshops and a bimonthly newsletter. The newsletter was so popular that the commercial lending team took ownership of it, providing new respect and recognition to the credit risk review function.
Auditors can look for new opportunities to present their information — whether through newsletters, workshops, videos, or graphic presentations, or even via interactive websites in addition to what is necessary for them to stay in compliance with reporting requirements. By giving organizational functions many ways to take in content, you can make the audit team more relevant and compelling to the organization.
3. Deepen Analytics to Get More Timely Insights into Risk
In-depth analytics are critical for auditors. They can help us better understand processes and data flow, create better audit programs, and enhance audit’s value proposition to the organization. But organizational functions are often reluctant to share their data with the audit team.
However, by making an effort to be of value to organizational functions, auditors can expand their access to data.
Instead of spending a lot of time working on manual steps, there are efficiencies to be gained from using technology that yield more time to establish even better working relationships with our auditees.
In order to gain access to data from other organizational functions, look at how you can use your skills to help them by providing consulting services in accordance with applicable auditing standards and build trust between teams. Better collaboration will help you get access to the information you need to make both teams successful.
4. Communicate More Effectively with Executive Management
Many auditors find that executive management doesn’t recognize the value of the audit team. They tend to think that auditors are just there to check controls, and they want the audit team to keep doing things the way they’ve always done them. In many cases, the audit team hasn’t clearly communicated how they add value or has struggled to find ways to add value. All of this results in low engagement between executive leadership and the audit teams.
How do we get around this? Focus on better education about what you do and open the lines of communication. Dan knows one auditor who began sending executive leadership a regular audit “snap”: a one-pager that included the status of the annual audit plan, a success story where an organizational function had implemented audit’s suggestions with positive results, and an opinion piece on policy, risk, and controls. The auditor began to receive regular feedback from the board and senior management, as well as invitations to board meetings and sessions where her feedback was solicited. By providing thought leadership in your field, you can prove your value and become part of the conversation with executive leadership.
5. Become a Source of Knowledge by Offering Data-Driven Information
Finally, one of the best ways that you can enhance audit’s brand is by serving as a consulting partner to other risk and compliance partners in the organization. Doing so can help you highlight your team’s skills, demonstrate audit’s work in a more collaborative light, give other units a reason to reach out to audit, and provide more ways for audit to add value.
For instance, as COVID-19 began and organizations were forced to radically reshape their operations, some audit teams were able to take on additional responsibilities in risk assessment, offering strategic recommendations around introducing new protocols. Make it clear that your audit team can do what’s needed to help, even if it falls outside of traditional job descriptions and provide consulting services in accordance with standards and with the appropriate safeguards in place.
Audit teams can support organizational units with ongoing advisory and consulting services, using their skill sets as auditors to help other organizational teams with consulting support, instead of focusing only on compliance. For example, one audit team was able to provide knowledge on consulting practices focusing on data risk management, and shared recommendations and an action plan with the organizational unit. The management team was so happy with this approach that it asked the audit team to consult in other areas; using their in-house expertise resulted in saving $500,000 in outside consulting fees.
The audit function often suffers from a lack of communication with other lines of an organization—but by making a concerted effort to foster cross-team collaboration and showcase their value to the rest of the organization as in the examples shown above, audit can generate new respect and authority within the organization. By ensuring that the audit team’s voice is heard throughout the process, you’ll be able to conduct better risk analysis and audits, improving the organization’s overall performance.
Learn more about how audit solutions from Diligent can position your audit team for greater success.
