Can Internal Audit Ratings Kill?

BySandro Boeri

Internal auditors routinely rate their internal audit reports and their findings and recommendations.

This week I was provoked into wondering whether our approach to rating can actually kill! In turn I would like to provoke my audience and ask you what you think.

Given the desperately sad story concerning the Ofsted inspection of a school and the suicide of a teacher, I no longer believe it is appropriate to meander along and not consider the mental health repurcussions of our approach to rating the results of our work.

A coroner ruled that the fear of the grading of a school inspection contributed to the suicide of the headteacher. The process was described as “cruel and intimidating”. Once the inspection started, Ruth Perry’s mental health fell apart leading ultimately to her death.

Interesting that Ofsted are now re-visiting their approach to grading.

I certainly do not want to be part of a profession that causes agonising pain. Why would I want to hurt people that get out of bed to do the right thing. In my experience, most people that have been subject to my internal audit reviews did not get out of bed to do a bad job.

In deciding to rate or not to rate we need to be clear as to our organisation’s objectives in relation to the internal audit process. I strongly believe that the organisation should be trying to create a climate in which individuals are encouraged to do their best to build and maintain a well controlled environment that services the firm’s strategic objectives.

Our approach to rating should only been seen through this lens.

In deciding on our approach, we need to consider a trade off. A trade off between using rating to priortise the results of our work in the minds of time starved consumers of our product versus the cost of rating. These costs include mental health challenges and its consequences. These consequences could include a climate in which the fear of being audited leads to the failure to openly engage with the audit process and maybe even deliberately hide information.

So what am I recommending?

I am recommending that the powers that be, including the audit committee, take the time to regularly debate the nature of this trade off. Is the demand for prioritisation getting in the way of a good honest audit product and a good honest approach to doing one’s best to managing risk and control?

As a starter for ten, extreme care needs to be exercised with incentivisation mechanisms linked to the results of internal audit reviews.

Look forward to your thoughts.

Similar Posts

Auditing Culture – A New Perspective The UK Code of IIA Practice (which comes into force in January next year) requires all internal audit functions to engage with organizational culture….

Stop Press

15th October 2024 STOP PRESS is a daily newsletter provided by Risk Audit to the financial services corporate governance community designed to provoke thought concerning risk management and related control…