Good design facilitates effective communication

I follow a few presentation/design related blogs and a quote near the end of one post recently caught my eye, as I think the following is instructive for those of us in the audit business, tasked frequently with presenting the results of our work:

Business presentation design is a blend of practicing good design, and making compromises to deal with the practicality of working with lots of non-designers. Being able to deal with frequent changes, keeping design standards up (also on page 5 to 20), and making sure that everyone can make decent looking edits in the presentation.

Now, I’m painfully aware that the majority of auditors don’t give a hoot about designing a beautiful report or presentation. It’s a reliable source of frustration for me!

But the quote above is something I need to keep in mind when I notice misalignment of elements of a slide or poor structure in a Word document report.

As a profession, auditors are aware that effective communication skills are critical to being able to do our job well and make sure our clients know the value we bring to the organization. The content of our reports and presentations is most important, but good design facilitates effective communication of that content.

Renaming internal audit to better represent its stature

Internal audit. The name leaves something to be desired, in my opinion, and unless you’re familiar with IA, it could be a bit confusing.

It also creates this false dichotomy with external audit that really doesn’t exist. Within the IA context, the audit of financial statements is supplemental and focused on only one risk: reporting risk. Granted, reporting risk holds a special place in the pantheon of enterprise risks, critical to obtaining and maintaining financing, but still.

Why is internal audit content with naming itself only in terms of where its practitioners reside in relation to the organization under audit? Seems quite narrow and vague. Given that IA concerns itself with all enterprise risks, it makes more sense to me to called it Enterprise Audit. This would also dovetail nicely with Enterprise Risk Management. ERM and EA, two sides of the governance coin.

Better branding in this manner would attract more and higher quality people to the profession as well. It sounds far more interesting and rewarding to be in the business of enterprise auditing than internal auditing.

What do you think? Is it too late in the game to make a change like this? Does it matter, so long as those in business understand the role and responsibilities of the auditors?

Working the phones for audit purposes

Inc. published a short article on “working the phone” yesterday that touched on a number of things that anyone should take to heart if their job involves talking to people on the phone, which is to say, pretty much all office workers that do work.

This is one of the bigger differences between my previous gig in internal audit for a global building materials manufacturer and my current one with a national retailer. Before, I was doing a lot of traveling to various plants and subsidiary offices to conduct audits, and meeting face-to-face was much more important to getting work done. There were phone calls during the planning phase and weekly conference call updates on any issues that arose, but the majority of the time we were sitting across a table from each other.

Phone calls (and voice mail) are much more important in my current environment. Schedules are more structured, especially those of senior management. I’ve had to adapt to this by getting better at gathering information via phone calls and leaving voice mails that are more likely to get results.

Some of the highlights of the article as I see them:

Never have a business conversation, especially on the phone, without knowing exactly what you’re trying to accomplish.

Absolutely the most important point is to know why you’re calling and have an idea of how you want to get there. I’ll make notes beforehand in a Word doc and have it on screen when I make the call. I’ll even incorporate if-then conditional statements based on my questions and the possible answers I expect to get. They get thrown out the window if the answer is not one that I’d expected, but like a boy scout at least I’ve prepared.

It takes a bit of practice, but what you need to do is suspend your “what do I say next?” until after the other person is done speaking.

This is something I’m going to try to keep in mind in the future, more to assess whether I’m doing this already (the default assumption for most of us, I think) or not. Really consciously focus on listening and processing when my audit clients are speaking, which segues nicely to the next item…

When you pause before responding, the other person knows that you’ve listened.

If I’m speaking to someone for the first time and we’ve never met face-to-face, I want them to feel fully comfortable sharing information with me. For someone who maybe isn’t used to dealing with auditors, which will happen if it’s an area that doesn’t get audited often or hasn’t been audited at all, this is critical. This tip is going to be useful in achieving that level of comfort, and that should give me better results.

As you speak, gradually take on the least obvious elements of other person’s voice.

This is a subconscious rapport builder, and will work if it is subtle. If it’s not, it’s going to come off as disingenuous and have the opposite effect. So it’s a gamble.

In my previous job, I worked day-to-day with people from Ireland and the (US) South, and I found it impossible not to lightly pick up those accents when I was with them so much. (The company was headquartered in Ireland and the North American corporate office was in Atlanta, so most of the internal auditors were from those areas.) The combination is a bizarre one, especially peppered with Canadian “eh”s as well!

I’ve found it’s also useful to check people’s schedules prior to making the phone call, to anticipate whether they will be there to pick up or whether it’s likely to go to voice mail. If I need to call someone and they’re in meetings all day, I’ll draft the voice mail message before I call so I can be succinct and not forget anything.

My preference is to have a face-to-face instead of a phone call, because in-person meetings allow for body language and they just feel easier to make a connection with the client. Email is useful because it provides a record of the discussion that can be referred back to if needed. But for situations where immediate attention is best, the phone call reigns supreme.

Please share in the comments how you get the most from your phone-based interactions!

Top traits of an effective internal auditor

The President of the IIA shares what he sees as the top seven attributes of an effective internal auditor, and in general I agree, with a few distinctions.

The most important attribute is referred to as business acumen, but the description that accompanies it has more to do with having an in-depth knowledge of the business the auditor works for. Splitting hairs I guess, but acumen is the ability to make good decisions and exercise sound judgment. A strong understanding of what is driving the success of the business is important to cultivate, as is staying on top of developments within the industry in which it operates. I think both are important, but one is easier to develop than the other.

Communication skills come next, and I would broaden that to be people skills in general. The ability to read people and adapt to any given situation and personality is very helpful, so both the outward skills like communicating clearly and succinctly and the inward skills like listening actively and processing information quickly will come in handy when dealing with people within the organization.

Integrity comes in at 3rd, and is critical to establishing and maintaining your reputation as a professional. Being consistently honest and forthright in your interactions with your “customers” will allow you to build strong working relationships across the business.

Experience is next, and it’s not a subject I feel especially qualified to discuss, since I’m only in my third year as an internal auditor, sixth as an auditor. What I will say is that each day I strive to learn and get better at my job, and working with staff that have, among them, decades more experience than I provides a constant reminder of the value of that experience.

Number five on the list is a solid grasp of business risks, which to me means the exact same thing as the first item. Let’s just put them both together at the top and shorten the list to six, shall we? After that is talent development skills, which is important to have once you reach a certain level and have people reporting up to you. I could make the case that this is essentially a subset of people skills.

Last (but not least in my opinion) is courage and that’s important for auditors whether they’re external or internal. Part of the job is being the bearer of bad news and you’ve got have the stones to deliver it straight!

IIA and ISACA pool resources and expertise

At the end of September the IIA and ISACA announced they had reached an agreement to “create a basis for cooperation and collaboration” between the organizations.

The agreement is formalized in a Memo of Understanding that has been signed by both parties. The MoU lists a few areas where this agreement makes cooperation possible:

  • Speaking and exhibiting at each other’s conferences, seminars and events
  • Conducting jointly sponsored events
  • Mutually recognizing, where appropriate, each other’s continuing education programs for continuing education credits to satisfy requisite certification requirements
  • Participating in training and educational programs offered by either association where such collaboration benefits the attendees
  • Encouraging similar cooperation and collaboration among local chapters of ISACA and The IIA (an activity that already thrives in many places throughout the world)
  • Identifying opportunities for joint projects that advance the global internal audit profession and the professional standing of its members
  • Engaging in periodic discussions on matters of public policy that impact the internal auditing profession
  • Where appropriate, coordinating and promoting unified messages and responses to standards setters, regulators, and legislators globally, and providing them with information regarding best professional practices

In order of value to each organization’s members, the top 3 in my mind are:

  1. Joint projects to advance the internal audit profession
  2. To me this is going to have the biggest impact on stakeholders because the combined knowledge and experience in both groups should lead to higher quality standards and improved best practices. Perhaps a combined set of standards down the road?

  3. Recognizing each other’s continuing education
  4. For members of both organizations this is huge. Program content frequently overlaps (e.g. the IIA’s GTAGs) and internal audit departments generally have staff with CIA and CISA designations (as well as CA and CPA, and others), so significant cost savings may be realizable.

  5. Collaborating on continuing education
  6. This could open up each organization’s continuing education programs to the other one’s members, which immediately introduces fresh topics and facilitators to both groups. Synergy here will allow members to broaden their training, and provide an easier transition from one to both certifications.

The agreement should work out to be a win-win-win — for the organizations, members, and stakeholders. What do you think?