If I showed you a picture of a Sasquatch or a unicorn, chances are you would be able to identify them almost immediately. That is to say that nearly everyone knows exactly what they are even though they haven’t been proven to exist. In most cases, the “Fully Integrated GRC Program” fits within the same category. Anyone that has been working in GRC recognizes the concept immediately, but chances are there’s no proof that integrated GRC is fully alive within the organization.
The point Richard Chambers makes is a valid one: Internal Audit cannot effectively serve the organization if it is simply there to put on the brakes (even though brakes are critical to safe driving). Rather, IA can provide the most value to the organization by acting as a guide, providing crucial and helpful feedback along the journey, identifying when the organization has gone off track and letting them know when they’ve reached their destination.
On a daily basis, I work hand-in-hand (or phone-to-phone) with clients to guide them through implementing their Governance, Risk and Compliance (GRC) processes using platform-based software. Having been involved in the implementation of dozens of GRC processes in a number of different industries, I can tell you the one thing they have in common: they’re all different.
Big things are happening in the heart of the country. No…not another World Series run. And not a BBQ, craft beer or jazz festival, either. We’re talking about Onspring Connect (July 10–13), the first of many user conferences for the Onspring community. (Craft beer included!)
When I first heard that my son’s first grade class was looking for parents to speak during Career Week, I looked before I leaped and happily volunteered my time. Then the butterflies set in. I had a hard enough time explaining what I did to my friends and family members. Nobody seemed to have the slightest idea what the heck GRC was or why it mattered, so you can only imagine my trepidation about talking about my job in front of a bunch of six- and seven-year-olds.
The Onspring team is about to take off on a cross-country trip involving just about every mode of transportation known to man. Airplanes, shuttles, taxis, trains, rolling carts—and possibly the odd hover board—will all be employed to move our crew from Kansas City to San Francisco to Dallas in the stretch of 10 days. What could go wrong?
Recently, I watched an excellent TED Talk video by author Simon Sinek that has changed my perspective on my career and my life in general. Simply put, Sinek challenges companies (and by extension the people who work for them) to articulate why they do what they do, rather than simply saying, “here’s what we do.” The idea is that when the right people understand and connect to the reasons why you choose to do the things you do, these people are much more likely to want to do business with you. As Sinek elegantly states: “People don’t buy what you do, they buy why you do it.”
These principles from the IIA set the expectation that effective internal auditors have a strong understanding of their organization, its business practices and the ever-changing risks and opportunities that it faces. For many professionals, this shift will require them to obtain new skills and adopt different perspectives. This shift may be difficult for some to accept, but it is necessary for all, and I would venture to guess that this is welcome news to boards of directors and senior management.
This is the first article in a three-part series I’ll be posting throughout the GRC Conference in Phoenix. My intent is not to dissect the IIA’s changes in minute detail. There have been a number of great pieces written on this topic, and I encourage you to jump over and read what those on the forefront of internal audit are saying, particularly a recent article by Norman Marks and Kristen Gantt that offers a compelling view of the internal audit department of tomorrow.