Blog: Enforce or Enlighten? This Should Not Be a Dilemma for Internal Auditors
In his blog, IIA President and CEO Richard Chambers, CIA, QIAL, CGAP, CCSA, CRMA, shares his personal reflections and insights on the internal audit profession. Here’s an excerpt from his latest post:
I have lost count of the number of times in my career when I heard someone refer to internal auditors as “corporate police” who hide behind the trees with their proverbial radar gun waiting on a transgression by a company official or other employee. This perception is unfortunate, because internal auditors can be so much more effective and valued when they are not seen as the organizational “cops.”
To be sure, we have an important mission of providing assurance on the effectiveness of internal controls. Ineffective or nonexistent controls, which can be breached intentionally or unintentionally, present risks to the organization. Our obligation is to highlight those risks as part of our audit work. In many instances, that may entail identifying officials who “didn’t do their job.” It is those scenarios, I believe, that give us a bad name.