No Result
View All Result
SUBSCRIBE | NO FEES, NO PAYWALLS
MANAGE MY SUBSCRIPTION
NEWSLETTER
Corporate Compliance Insights
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe
No Result
View All Result
Corporate Compliance Insights
Home Featured

The Auditor’s Role in Advancing Communications

by Jim DeLoach
October 26, 2017
in Featured, Internal Audit
man holding megaphone with dozens of purple speech bubbles

Part 3 in a Series Exploring the “Auditor of the Future”

In this series, Protiviti’s Jim DeLoach and Brian Christensen have put forth 20 potential ways the Chief Audit Executive or internal audit lead can advance his or her relationship with the audit committee. Parts 1 and 2 focused on risk and value, respectively; this installment details strategies for making the most of communications.

with co-author Brian Christensen

Read Part 1 and Part 2.

In this three-part series, we have explained our vision of the future auditor, or the CAE who takes definitive steps to apply the full scope of The IIA’s definition of internal auditing. We have elaborated on the future auditor’s advancement of the relationship with the audit committee of the board of directors (or its equivalent) on three distinctive but interrelated fronts – risk, value and communications.

Two weeks ago, we focused on risk, advancing six ideas on how the CAE could enhance the audit committee relationship. Last week, we focused on value, advancing nine more ideas. Below, we address the focus on communications. Our thinking is derived from our various client experiences as well as from roundtables we have facilitated with seasoned CAEs. Of necessity, the interrelated nature of the three fronts gives rise to ideas that overlap to some extent.

The Focus on Communications

According to the CBOK study, board members generally rate the quality and frequency of internal audit’s level of communication at a high level. For example, a strong majority of board members give high scores for the quality (83 percent) and frequency (81 percent) of internal audit’s communications. That’s a great foundation on which to build.[1]

In sustaining effective communications, the future auditor focuses on communications with the audit committee and the enterprise’s information for decision-making. Below, we discuss how.

An optimally effective “auditor of the future” will:

Report directly to the audit committee. The future auditor’s positioning within the organization is vitally important to his or her delivery against elevating expectations. Access to senior management and the board, stature within the organization and effective escalation protocols have always been keys to positioning. It is vital that the CAE report directly to the audit committee.

Interact with directors outside of customary settings. The future auditor seeks opportunities to participate in board settings beyond the traditional audit committee meetings. Which board settings are “relevant” in this context must be defined by directors to fit the organization’s specific needs and may vary in different countries and regions due to different board structures, cultures and internal audit skill sets. For example, the CAE can:

  • Proactively engage the audit committee chair, as necessary, throughout the year to deepen the relationship. Lunch or dinner once or twice a year, a standing monthly call and inviting the chair (or the full committee) to meet the internal audit team in an informal setting are all ways to facilitate engagement.
  • Invite the chair to meet with the audit team and present his or her view of the company, current developments, the critical risks, the role of internal audit and the audit committee’s oversight role.
  • Seek opportunities to serve as a channel for knowledge and insight to the audit committee on hot topics.
  • Be aware of the key responsibilities of the audit committee as set forth in the committee charter and offer input, when appropriate, to help the committee complete its annual responsibilities.

Increased access to, and more frequent interaction with, the board broadens the CAE’s perspective and elevates the stature and visibility of internal audit.

Expand the emphasis on assurance. There are different sources of assurance available to the audit committee. Accordingly, the future auditor distinguishes and draws upon the sources of assurance provided by those who report to management and/or are part of management; those who report to the board (including internal audit); and those whose reports are directed to external stakeholders (e.g., the external auditor). Audit committees value being educated as to the available sources of assurance.

Prepare effectively for meetings. The future auditor conducts pre-meetings to set the agenda in advance of every audit committee meeting with the chair (and other directors, if appropriate) and to ascertain directors’ expectations and direct “asks” of the committee (e.g., incorporate suitable pre-reads in the audit committee package distributed in advance of the meeting). In addition, a walkthrough of the meeting agenda with appropriate executives and, if necessary, the external auditor presents an opportunity to vet issues and potential sources of disagreement before discussion with the committee. As a professional courtesy, this process helps management prepare for any questions they might have to address later, strengthens relationships and ensures that audit findings are presented constructively. Simply stated, executive management should not be surprised by anything in the auditor’s reports or presentations to the committee.

Preparation also entails anticipating questions in advance and formulating responses to those questions. To that end:

  • Some companies have the business owners responsible for audited areas attend the audit committee meeting to respond to audit observations, in which case managers speak for themselves rather than the CAE responding on their behalf.
  • Often, questions arise in executive session related to the evaluation and competence of key personnel; in such instances, the CAE should consider whether there is a basis to respond and, if so, be prepared to deliver the appropriate response in a professional, substantiated manner.

Other aspects of preparation include isolating any new risks and other issues that have come up internally or externally and considering how those items might be introduced if significant. In addition, it is wise for the CAE to be well-versed in the other agenda item topics being covered by the committee when he or she is expected to be present.

Apply best practices to maximize the effectiveness of presentations. The future auditor gets to the point, focuses on what directors need and want to know, provides relevant results and covers other matters if requested. He/she presents audit findings as if the responsible business owner were in the room (and, optimally, they would be). The public domain is replete with many ideas for effective presentations to directors; the following are six of our favorites:

  1. Appearances are everything – Make pre-reads and presentation materials visually appealing and focused on the key takeaways.
  2. Tell the story – Summarize key messages and encourage discussion; synthesize data into key themes, observations and action items.
  3. Keep it short – Be concise and to the point; distill the message into an elevator pitch and be ready to comment on specifics if asked.
  4. Speak with authority – Look committee members in the eye, pause for questions but don’t linger and speed up or slow down the presentation cadence based on director feedback.
  5. Respond to questions with direct responses – With respect to questions for which the answer isn’t known, take an action point to follow up to obtain the information; for questions that are or should be directed to management, pause to allow management to respond.
  6. Be a team player – If executive management wants to own a particular issue and bring it up to the audit committee, let them; as noted earlier, consider having business stakeholders join the meeting to co-present on the findings of a particular review (e.g., have the CIO or CISO co-present on the results of a cyber audit).

The experienced CAE knows that any board presentation may need to be curtailed due to time limitations, so he or she should be prepared for that.

Summary: Time to Raise the Bar

In this three-part series, we have advanced 20 ideas for the CAE to advance his/her relationship with the audit committee. Because audit committees are different from organization to organization, not all of the points we suggest may be relevant to a specific committee’s needs. However, we believe that the future auditor’s three-pronged focus on risk, value and communications applies to almost any audit committee. As executive management and board expectations of the internal audit function continue to rise, progressive CAEs must adapt and continuously upgrade the capabilities of their functions to keep pace.

The 20 ideas presented during this series on how the future auditor considers risk, contributes value and maximizes the effectiveness of communications represent definitive steps forward for any CAE. As noted several times during the series, our suggested focus on risk, value and communications of necessity overlaps. Accordingly, it is not surprising that some of the various ideas serve multiple purposes. While not intended to be all-inclusive, these 20 suggestions could be used to benchmark a CAE’s and internal audit function’s modus operandi. Any gaps should be carefully considered by the CAE as a potential enhancement opportunity.

We believe that CAEs who embrace the future auditor vision as explained in the first installment of our series are better positioned to serve the needs of executive management and the board through their comprehensive risk-focus, forward-looking emphasis on value and crisp, targeted communications. As progressive CAEs take the lead to up their game, they pave the way toward realizing the internal audit profession’s full potential.

This article is based on information detailed in The Bulletin (Volume 6, Issue 7), available at www.protiviti.com.

[1] Six Audit Committee Imperatives: Enabling Internal Audit to Make a Difference, by Jim DeLoach and Charlotta Löfstrand Hjelm, A CBOK Stakeholder Report, a study conducted by The Institute of Internal Auditors and Protiviti, 2016, available at https://na.theiia.org/iiarf/Pages/Common-Body-of-Knowledge-CBOK.aspx.


Tags: Board of DirectorsCorporate Communication
Previous Post

TRACE: The Outlaw Ocean

Next Post

Thomson Reuters 2017 Global KYC Surveys Attest to Even Greater Compliance Pain Points

Jim DeLoach

Jim DeLoach

Jim DeLoach, a founding Protiviti managing director, has over 35 years of experience in advising boards and C-suite executives on a variety of matters, including the evaluation of responses to government mandates, shareholder demands and changing markets in a cost-effective and sustainable manner. He assists companies in integrating risk and risk management with strategy setting and performance management. Jim has been appointed to the NACD Directorship 100 list from 2012 to 2018.

Related Posts

tech fluency_n

Not Your Grandpa’s C-Suite: Improving Tech Fluency at the Top of the Organization

by Jim DeLoach
January 18, 2023

In our hyper-connected world, just about every company is a tech company. As commerce and technology become increasingly intertwined, it’s...

hottest takes

The Hottest Compliance Takes of 2022

by Staff and Wire Reports
December 14, 2022

Nobody was canceled for anything they wrote for our pages in 2022 — at least that we know of. But...

board personalities

Arsonists, Long Rangers & the Impact of Personality Types on Board Governance

by Rob Kunzler
December 14, 2022

It’s easy to think of your company’s board of directors as simply a group of individuals. But OnBoard’s Rob Kunzler...

PwC annual directors survey_f

PwC 2022 Annual Corporate Directors Survey

by Corporate Compliance Insights
October 17, 2022

How are public company boards of directors adapting to movements like ESG and board diversity? Exploring the Changing Governance Landscape...

Next Post
Thomson Reuters 2017 Global KYC Surveys Attest to Even Greater Compliance Pain Points

Thomson Reuters 2017 Global KYC Surveys Attest to Even Greater Compliance Pain Points

Compliance Job Interview Q&A

Jump to a Topic

AML Anti-Bribery Anti-Corruption Artificial Intelligence (AI) Automation Banking Board of Directors Board Risk Oversight Business Continuity Planning California Consumer Privacy Act (CCPA) Code of Conduct Communications Management Corporate Culture COVID-19 Cryptocurrency Culture of Ethics Cybercrime Cyber Risk Data Analytics Data Breach Data Governance DOJ Download Due Diligence Enterprise Risk Management (ERM) ESG FCPA Enforcement Actions Financial Crime Financial Crimes Enforcement Network (FinCEN) GDPR HIPAA Know Your Customer (KYC) Machine Learning Monitoring RegTech Reputation Risk Risk Assessment SEC Social Media Risk Supply Chain Technology Third Party Risk Management Tone at the Top Training Whistleblowing
No Result
View All Result

Privacy Policy

Founded in 2010, CCI is the web’s premier global independent news source for compliance, ethics, risk and information security. 

Got a news tip? Get in touch. Want a weekly round-up in your inbox? Sign up for free. No subscription fees, no paywalls. 

Follow Us

Browse Topics:

  • CCI Press
  • Compliance
  • Compliance Podcasts
  • Cybersecurity
  • Data Privacy
  • eBooks Published by CCI
  • Ethics
  • FCPA
  • Featured
  • Financial Services
  • Fraud
  • Governance
  • GRC Vendor News
  • HR Compliance
  • Internal Audit
  • Leadership and Career
  • On Demand Webinars
  • Opinion
  • Resource Library
  • Risk
  • Uncategorized
  • Videos
  • Webinars
  • Well-Being
  • Whitepapers

© 2022 Corporate Compliance Insights

No Result
View All Result
  • Home
  • About
    • About CCI
    • Writing for CCI
    • NEW: CCI Press – Book Publishing
    • Advertise With Us
  • Explore Topics
    • See All Articles
    • Compliance
    • Ethics
    • Risk
    • FCPA
    • Governance
    • Fraud
    • Internal Audit
    • HR Compliance
    • Cybersecurity
    • Data Privacy
    • Financial Services
    • Well-Being at Work
    • Leadership and Career
    • Opinion
  • Vendor News
  • Career Connection
  • Events
    • Calendar
    • Submit an Event
  • Library
    • Whitepapers & Reports
    • eBooks
    • CCI Press & Compliance Bookshelf
  • Podcasts
  • Videos
  • Subscribe

© 2022 Corporate Compliance Insights

Welcome to CCI. This site uses cookies. Please click OK to accept. Privacy Policy
Cookie settingsACCEPT
Manage consent

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. These cookies ensure basic functionalities and security features of the website, anonymously.
CookieDurationDescription
cookielawinfo-checbox-analytics11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional11 monthsThe cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance11 monthsThis cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy11 monthsThe cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.
Functional
Functional cookies help to perform certain functionalities like sharing the content of the website on social media platforms, collect feedbacks, and other third-party features.
Performance
Performance cookies are used to understand and analyze the key performance indexes of the website which helps in delivering a better user experience for the visitors.
Analytics
Analytical cookies are used to understand how visitors interact with the website. These cookies help provide information on metrics the number of visitors, bounce rate, traffic source, etc.
Advertisement
Advertisement cookies are used to provide visitors with relevant ads and marketing campaigns. These cookies track visitors across websites and collect information to provide customized ads.
Others
Other uncategorized cookies are those that are being analyzed and have not been classified into a category as yet.
SAVE & ACCEPT