Finding the right tool for internal audit, compliance and risk management

Internal audit program considerations

I’ve always been impressed by people who can build things. This fascination began when I was very young. My dad worked on a road construction crew, and on several occasions, my brother and I were lucky enough to ride along on the asphalt paver, road grinder or steamroller. What kid wouldn’t love riding around on heavy machinery? To this day I get a thrill from watching any construction project in action. Whether it’s carpentry, masonry, electrical, plumbing, road building, or anything related, I’m amazed by people who have the vision and skills to take a pile of materials and a few of the right tools to produce something useful.

What impresses me most about these “builders of things” is their ability to select the right tool for the job. My dad’s engineering background served him well as a home handyman. When I was in second grade he took on the biggest handyman project I’ve ever seen when he built an addition on our house—almost entirely by himself. Being a dutiful 8-year-old, I asked incessantly how I could help. My dad was extremely patient with me, explaining what each tool was used for, showing me how it should and should not be used, and allowing me to hammer a nail here and there.

I wish I could say that my dad’s home repair acumen stayed with me. Sadly, this was not the case as I am somewhat of an “all thumbs” handyman. However, when my dad is around to give me instruction and show me what needs to be done, I somehow find my ability. One of the most important lessons he ever shared was that each tool had its specific function in the overall process, no matter how often or sparingly you use it. Or to put it another way:

You can’t build a house with a hammer alone, but good luck building without one.

In some strange, roundabout way, I have become a builder, too. Of course, the things I build are not made of wood, drywall, conduit, wiring, pipes and nails. Instead, I build software solutions that help organizations manage complex business processes in a manner that is efficient and (dare I say) enjoyable for those involved.

Over the last several years, I’ve had countless conversations with folks who find themselves in need of a better way to manage workflow, data analysis, and reporting. I frequently hear, “Can your software do X?” To me, this means, “Is this the right tool for the job?”

I must weigh my response to this question carefully as I never want to offer someone a hammer for a job that clearly requires a saw. What could be worse than to say, “Oh sure, it looks like a hammer, but if you reshape it and twist it around, well I suppose it could be a saw”. That’s a losing proposition for everyone because the output of the project will never match the expectation.

At Onspring, we understand that our no-code platform is indeed a tool. It is not a cure-all or an easy button. It’s a tool that enables people to work together, solve problems, and create value in the areas of internal auditrisk managementcompliance, and other business functions.

Onspring is very good at solving the problems that it’s designed to solve, but it’s by no means the one and only solution to every problem. As long as we understand this and clearly communicate the most effective use of the tool, we’ll continue to be an essential asset for our clients. What’s more, if our clients supply the building materials—management support, team engagement, and a desire to find a better way of doing things—then we have just the tool to help put it all together.

About the author


Jason Rohlf
Vice President at Onspring
20 years itnernal audit & GRC experience