Resources

Starting a new job can be both exhilarating and daunting at first, and starting a new job as an internal auditor is no different. Internal audit is a unique and continuously evolving profession where internal auditors play a critical role in an organization’s operations and corporate governance. Internal auditors use their experience and knowledge of laws, regulations, and organizational policies to examine and analyze an organization’s financials and identify potential occurrences of noncompliance, fund misappropriation, and other risks to the organization. Becoming an internal auditor is rewarding and has a great opportunity for professional development and advancement. Here is what new internal auditors should do to be successful in their career.

Seek a mentor

All internal auditors, whether this is your first year as an internal auditor or you have over 25 years of auditing experience, can benefit from having a mentor. Mentors help internal auditors understand their profession and career opportunities. It is important to find a suitable mentor who has more industry experience, shares similar values or goals, and is someone you admire. The right mentor should be your biggest ally and have a passion for teaching while allowing you to be your own advocate.

Learn and understand the basics of internal auditing and how to conduct an audit

To begin in this field, you must learn the standards that govern the process. The IIA Standards on performance explain the processes for planning, performing, reporting, and following up on audit engagements. The sooner you become familiar with these concepts, the faster you will be able to understand and apply this knowledge for developing and performing internal audits.

Relax and stay calm

When starting a new job, internal auditors tend to put an immense amount of pressure on themselves to be perfect. Internal audit is known for having a steep learning curve, so new auditors should take a deep breath, relax, and know that you are not alone. There will be other auditors, managers, and directors to help you learn your department’s procedures and answer any questions you may have.

Know your limits and when to ask for help

One of the hardest things for new internal auditors to learn is when to speak up and ask for help. Auditing is very technical, and it is highly unlikely that a new internal auditor will be a compliance, accounting, or fraud expert overnight. Do not spend hours trying to figure things out on your own. Rather, seek guidance from a more experienced colleague who can help you. Knowing your limits and knowing when to ask for help can save you time and reduce frustration and misunderstandings.

Be eager to learn and develop new skills

As an internal auditor, you analyze a variety of processes and interact with all levels of employees and subject matter experts. Do not be afraid to ask questions that will help you understand what you are auditing. As time goes on and you gain more experience, you will learn that internal audit is about striking a balance between understanding the big picture and focusing on the small details. Having a good knowledge of your organization’s policies, procedures, and risks will make you a standout internal auditor.

Sharpen your communication skills

Although communication skills are essential in any job, internal audit requires developing two key skill sets: effective writing and effective interviewing. An internal auditor’s writing should be objective and clear, making compelling arguments that present your audit results effectively. For successful interviews, internal auditors must be prepared, ask the right questions, listen, take good notes, and confirm their understanding of the processes and controls being audited. It is also extremely important that the interview is not one-sided but flows naturally from both sides.

Be a sponge by listening and absorbing all the information

As an internal auditor, you will have the opportunity to interact with, and learn from, all levels of employees, including interns, associates, managers, VPs, and directors. You can learn something from everyone you encounter, so be open-minded and receptive. Take note of the valuable skills others possess, such as communication, organization, leadership, and networking skills and learn from them.

Volunteer and get involved in areas outside of your comfort zone

New internal auditors are usually assigned to a variety of different audit engagements before they begin to specialize in certain areas or become subject matter experts. Learn as much as possible from your different engagements, and volunteer to be put on engagements that are not so glamorous, ones you know nothing about, or topics you want to learn more about. By exploring different assignments, you may find a preference for a particular area and may have the opportunity to work with a subject matter expert. If you volunteer to get involved in areas you are unfamiliar with, management and others will take notice of the effort. Your passion may be hidden somewhere you would have not explored if you did not push yourself.

Join a professional network or organization

Consider joining networks or organizations that support and cater to your interests, professional growth, and development. These groups usually offer members training opportunities to help you enhance your skills and stay current on auditing news and publications. Becoming a member of network groups or organizations can also help you grow your professional network and learn about other career opportunities.

Enjoy the experience

You are only a new internal auditor for a brief time. The beginning of your internal audit experience should be embraced because there is no other time in your auditing career when so much knowledge is obtained in such a short period. In addition to the new experiences and learning curve, new auditors are exposed to a vast array of unique individuals with wonderful backgrounds and experiences. Embrace the relationships you develop and the things you learn along the way. But most importantly, enjoy the journey!

Time spent on one task is time we cannot spend on other tasks; this is the law of opportunity cost. As internal auditors with limited time and an almost infinite supply of things that demand our attention, it is imperative that we prioritize efficient time management practices. Audit documentation practices may often be overlooked but can account for a significant amount of time spent on each engagement. Excessive audit documentation does not add value to the engagement and expends valuable time that could alternatively be used to expand audit coverage and increase effectiveness. This article encourages auditors to review their current practices and look for ways to reduce excessive audit documentation.

First Horse, Then Cart

Before diving into a project to get rid of unnecessary audit documentation, it is important first to understand the primary purpose of audit documentation, along with the documentation requirements stipulated in the IIA’s Global Internal Audit Standards. Fortunately, the section addressing audit documentation in the most-recent Standards (released on January 9, 2024) is a relatively brief two pages, and the language is not overly prescriptive, which should allow internal audit shops flexibility when implementing their individual documentation practices. The Standards provide the primary purpose of audit documentation and define the target audience with Standard 14.6:

“Internal auditors must document information and evidence to support the engagement results. The analyses, evaluations, and supporting information relevant to an engagement must be documented such that an informed, prudent internal auditor, or similarly informed and competent person, could repeat the work and derive the same engagement results.”

The key takeaways here are that documentation should always focus on supporting the conclusions of the engagement, and that documentation can be structured in a way that assumes a large degree of competence on the individuals who rely on the documentation (e.g., workpaper reviewers). If documentation does not support the engagement results, then it likely is not necessary and should be omitted from the workpapers. The Standards make it clear that the documentation can be tailored to a highly competent audience. Since a highly competent audience can be expected to more easily read between the lines, auditors may be able to significantly reduce the amount of detail included in the workpapers and thereby save lots of time for both the preparer and reviewer.

For those who comply with the IIA’s Standards, it is mandatory that their audit documentation practices meet or exceed the requirements. However, any additional time auditors spend on exceeding the Standards’ requirements is time that cannot be spent addressing other important audit priorities. While it may make sense for audit documentation to occasionally be more robust than that prescribed by the Standards, auditors would be wise to periodically assess their documentation procedures and determine where the fat can be trimmed.

The remainder of this article provides concrete examples for auditors to consider when examining their audit documentation protocols.

Just Say No to Redundancies

Documenting something on more than one workpaper at least doubles the work for both the preparer and reviewer. Therefore, much time and effort can be reduced by simply looking for redundancies in workpapers.

A good place to start is audit findings, since these may often be documented in multiple locations, including supporting source documentation, testing workpapers, audit programs, audit software widgets, etc. It may be sufficient to document audit findings in only one location, such as in an audit program or findings summary document. Remember that auditors should only include enough documentation so that a competent auditor could replicate their results. For a simpler finding or one that occurs frequently in many audits, a competent auditor might easily be able to reach the same conclusion with merely a brief reference to the finding in the audit program. Limiting redundant finding references will also make things go much more smoothly if the review process results in the modification, consolidation, or elimination of audit findings, as fewer workpapers will need to be modified.

Listing the full names and titles of individuals in multiple workpapers also adds extra time. While it does not take long to type out an individual’s full name and title, the time will really add up if names and titles of multiple individuals are listed on multiple workpapers. A simple hack is to use a name and titles index workpaper or organizational chart. This will allow the reviewer to reference a single workpaper to determine relevant employee titles, and preparers will not have to wonder whether they have already defined an employee’s title in documents where employees are mentioned multiple times, such as in process narratives.

Use Process Narratives Strategically – and Sparingly!

Usage of narrative structure has many benefits. In a recent interview with popular podcaster Lex Fridman, former Amazon CEO Jeff Bezos recounted how Amazon meetings often begin with executives reading a six-page, narratively structured memo on the topic at hand, in contrast to the conventional meeting structured around the ubiquitous PowerPoint presentation. Bezos points out a significant drawback of using tools like PowerPoint when discussing complex topics:

“[A] problem with PowerPoint[s], they’re often just bullet points. And you can hide a lot of sloppy thinking behind bullet points. When you have to write in complete sentences with narrative structure, it’s really hard to hide sloppy thinking. So…it forces the author to be at their best, and so you’re getting…their best thinking and then you don’t have to spend a lot of time trying to tease that thinking out of the person.”

Many of us can relate to Bezos’ mention of hiding sloppy thinking when broadly summarizing a topic. In contrast, having to elaborate our thoughts using a narrative format often blatantly reveals this sloppy thinking and prompts us to dig further and ask additional questions. Often the result is a much more solid understanding of the subject area than we would have otherwise had if we had not been writing with a narrative structure. In internal audit where auditors must quickly get up to speed on a multitude of complex topics, using narrative memos can clearly be a beneficial tool to help them better understand the audit area and increase the effectiveness of audits. This may especially be the case when dealing with more complex topics that demand extremely lucid analysis, so auditors should not necessarily shy away from using narrative memos when it is appropriate.

That said, it is important to consider the downsides of using narrative memos so that they do not become a drag on productivity and efficiency. While the benefits of narrative memos are vast, there is no such thing as a free lunch, and the substantial time it takes to prepare and review narrative memos must be weighed against these benefits. In that same interview, Bezos was quick to point out the significant costs of preparing the six-page narrative memos:

“It’s hard to write a six-page memo. A good six-page memo might take two weeks to write. You have to write it, you have to rewrite it, you have to edit it, you have to talk to people about it.”

Bezos’ description of the challenges of writing a good narrative memo will not come as a surprise to anyone who has had to write a memo on a complex audit topic. With that in mind, auditors should carefully weigh the pros of using the narrative format with the fact that using it may add substantial time to the audit. Consideration should be given to both the complexity of the topic or process to be covered, along with its importance as support for the overall audit conclusions. If the topic or process scores low on both criteria — that is, if it is a relatively simple topic or process and is not critical for support of important audit conclusions — then consider whether it can be more efficiently summarized via another medium, such as covering it in an audit program step or with a basic process map.

If the narrative format ultimately is used, though, reviewers should not hesitate to give constructive feedback to audit staff who include too much irrelevant information. This feedback will ensure that audit staff always have management’s priority for conciseness at top of mind.

An Audit is Not a Criminal Trial

To be convicted of a crime in the U.S., one must be proven guilty beyond a reasonable doubt. Not so for audit findings, especially in internal audit. While audit documentation should clearly demonstrate how conclusions were determined, it is not always necessary to consider all possible alternatives and defenses to identified issues. This is especially the case when issues have been discussed with management as they have been uncovered and everyone agrees with the findings. It is also important to remember that internal auditors typically prioritize a proactive focus in their engagements. Auditors need to identify which processes and controls are broken so that they can be fixed, not because they want to point fingers and demonize employees for their past mistakes. Often, more time should be spent working with management to ensure they implement audit recommendations that mitigate risks identified during the audit than on documenting evidence for audit findings.

The Little Things

Be on the lookout for small inefficiencies that may add up. For instance, if multiple auditors rely on the same procedures, consider developing a standard tick mark legend that can be copied and pasted into each audit, rather than having auditors manually create one for each individual audit. Watch for over-referencing or over-ticking, considering whether a prudent auditor could follow the workpapers without the extra work. Consider annotating the first document in a large sample as a guide for finding the information in the rest of the sample. Ensure auditors are not spending too much time on PDFs with excessive highlighting, boxing, and linking that does not actually make it easier for that competent reviewer to understand the work performed. While it may be tempting for reviewers to ignore the little things to avoid seeming pedantic, keep in mind that these things add up. This is especially true if internal audit shops are in the habit of always adding rather than subtracting.

Addition by Subtraction

In his 2021 book, “Subtract: The Untapped Science of Less,” author Leidy Klotz points out the human tendency to add things rather than subtract. While addition is often necessary and useful, we often fail to consider subtraction as an option, even in cases when it may be more apt. Klotz makes it clear that he is not prioritizing one over the other, but notes that since we so often fail to consider subtraction as an option, there is much “untapped potential” to be gained by simplifying. If auditors only focus on what they can add to enhance their documentation, they might be missing easy improvements. Do not ignore that low hanging fruit! Consider which audit documentation can be subtracted to make audits more efficient and effective.