As someone who has worked with auditors for over a decade implementing software to help streamline their audits, I can undoubtedly say that the auditor stereotypes are mostly untrue. First off, I’ve met several auditors that I would consider “glass half-full” people; the kind that would be more likely to say, “What would we do if Karen won the lottery and quit?!” rather than “What would we do if Karen got hit by a bus?!”
Let’s consider everything auditors do. Their best work might be getting organizations to simply follow the rules—when they get groups to comply with rules and regulations, I think that’s a super feat in and of itself. But there is far more to being an auditor than just following the rules, and that’s where the superhero thing comes into play.
I am what you might call a late bloomer. It took a while, but I finally feel like I’m coming into my own with this whole “being a professional” thing. I share this because in my early days as an internal auditor I didn’t really grasp the concept of why we were doing what we did, let alone how we were helping drive a risk-focused culture in our organization.
To some, the constant barrage of “why” questions from their kids is irritating, but to me it was my very favorite thing about having those youngsters in my house. The concept of “why” is rooted in learning. When you ask this question, you are seeking to gain knowledge, perspective, understanding—you simply want to figure it out.
Onspring recently conducted a survey, reaching out to audit professionals to find out about future trends in the internal audit field. Putting together tangible questions that deliver concrete results on current practices in internal audit and risks that may impact the field in the future was our target, and that was accomplished.
A lot of times when we start showing a client our out-of-the-box audit solution, we’ll be told, “Oh, that’s pretty close to what we already do.” We’ll have to tweak a couple of fields, but what Onspring starts with initially is usually all that a lot of clients will need. We take a lot of pride in the fact that we’ve added and shaped our audit solution to meet most of the needs presented to us by customers.
Much like my fishing trip, you should begin defining your requirements and planning early on, maybe even wade around in research materials for a few months before beginning the purchasing process itself. It is of paramount importance to ask yourself the tough questions that will help shape and define your scope—questions around your budget, specific needs, timeline and workflow requirements tend to work best.
From a work perspective, I am just as excited at the prospects of getting back in touch with people and things that matter. In the last couple of weeks I’ve been focusing on the following things that I think will help me get back in touch with why I love working at Onspring.
One of the prerequisites to acquiring a GRC platform should be like a lot of other major items that are bought; when you are looking to make a major purchase or acquisition, consult many people in a lot of different areas. Ask your friends or colleagues, read reviews, do extra research, and as strange as this seems, even see what the trolls of the internet have to offer.
For those who aren’t aware, NIST is the National Institute of Standards and Technology, a non-regulatory agency of the U.S. Commerce Department. NIST develops and issues standards, guidelines and other documents to encourage and assist federal agencies and the private sector in implementing these standards.
The Onspring Sales team knows you probably don’t want us to sit on the couch with you and watch Onspring videos after just having spoken for the first time, but we do our best to make you feel at ease with the resources available to help with education and awareness of where you’re at with your processes and where you can be in the future.
Onspring’s leadership, product, solution engineering, professional services and sales teams have hundreds (yes, hundreds!) of years of combined experience in business process automation with a focus on GRC. Nearly all of us here have had experience working for other GRC software providers or have helped to deliver consulting and implementation services across nearly every GRC product listed in a review, quadrant, report or software list.