Saturday, November 8, 2014

CAE : How Many Windows Are Broken in Your Department ?

For those not familiar with the broken window theory* , it simply states that "If a window in a building is broken and left unrepaired, the rest of the windows will soon be broken as well, because the unrepaired window signals that no one cares".**

Simply put, the theory is mainly used by police departments (especially in big US cities) by making arrests for small crimes to prevent larger ones. As expected, there are supporters and critics of the theory ,the purpose of this post is not to offer an opinion on it, but rather to use it as a metaphor !

The internal audit "building" consists of many windows ,the CAE needs to check if any of these windows is broken in continuous basis and fix it immediately . Examples of  broken windows are:

  • lack of zero tolerance policy regarding weaknesses in integrity ,objectivity or independence,
  • Lack of  relevant training and poor hiring policy
  • Poor communication quality,
  • Lack or non- existence of a marketing plan
  • Lack of soft skills among the internal audit team,
  • Low self esteem
  • High turnover
  • Lack of IT skills
The above is not a comprehensive list, but a sample of weaknesses in the internal audit function .

I have not included lack of  understanding of the organization's strategic objectives,business and associated risks as windows ,because these are much bigger issues and constitute the foundation of the internal audit building !

The end game of having unfixed  broken windows in internal audit is that the internal audit looses respect and become irrelevant !

How many broken windows do you have in your internal audit department ?How do you discover and fix them ?

Please share your experience and thoughts .



* By James Quinn Wilson
**http://www.nybooks.com/articles/archives/2014/nov/06/broken-windows-and-new-york-police/

 

No comments:

Post a Comment

Are you getting the most from the ethics mandatory hours?

 Like many of you at this time of year, I have been looking to take the mandatory two hours of ethics training to comply with the IIA cpe  r...