FDIS 19011 Guidelines for auditing management systems

So, her question is, “Is there a way to make the relationship with my boss more trusting and productive?” Her 360 reviews are pretty glowing, pretty positive, but she’s not getting good consistent feedback from her boss. The listener just sort of sat there because she wasn’t sure what to do, and she felt like this boss was trying to get her to quit.

She ended up raising her voice, the boss did, told her that she doesn’t believe that the listener has emotional maturity, that she lacks self-awareness. A week later, this listener tried to tell her boss about the impact that had, and that only set her off. My boss wasn’t in that meeting, but after hearing what I said, she told me she can’t trust me if she’s not in the room, and that I act like I know everything and have my own agenda.” For example, in a meeting with our CEO, who is my boss’s boss, last week I shared my thoughts around how we, the senior leaders, should communicate a strategic change to our employees.

Well-managed audits result in compliant processes, products, or systems, which ensure improved business performance. As stated earlier, the success of regulated businesses is determined by the success of audits. A financial audit is a minimum requirement for every business, but you may need to prepare for multiple audits. So as I said right at the beginning, it’s incumbent upon us to make sure we build defenses that block these things as real time as we can because people will use GenAI for these things. And it’s going to be very expensive for your business in the future if you’re not secure. And if you don’t understand your product, you don’t understand your service, it’s very hard to build a great business around it.

Automated workflows speed the internal audit process while minimizing potential for human error or omission. The 2025 Global IIA Standards introduce enhanced requirements for internal audit quality assurance and performance assessment. This frees your skilled auditors to focus on investigation and advisory work rather than manual data gathering. Instead of six-month audits culminating in massive reports, conduct two-week sprints that deliver specific insights management can act upon immediately. This risk-based approach ensures audit resources focus on controls with the greatest impact on business objectives.

Technology also enhances audit reporting through data visualization and dashboards, making findings accessible to non-technical stakeholders. Key changes include enhanced quality management system requirements, stronger integration with enterprise risk management and expanded guidance on technology utilization, including AI governance frameworks. The 2025 Global Internal Audit Standards, effective January 9, 2025, emphasize risk-based strategic advisory roles rather than purely compliance-focused activities. Earlier tools sometimes created “dark data” that couldn’t be analyzed or shared effectively.

Engage with the business you’re auditing

This doesn’t mean every auditor needs deep technical expertise — but your function needs access to these skills through hiring, training, or co-sourcing arrangements. Develop specialized capabilities for auditing IT general controls, cybersecurity frameworks and emerging technology implementations. Conduct sprint retrospectives to continuously improve your audit approach based on what worked and what didn’t.

And so most of the conversations I have now are about alignment. And this new promotion, we’ve talked about on the show before that you’re now the editor-in-chief. So, I’m very excited to talk about my conversation with Melody with you. The micromanagement is very clear.

In contrast, in Silicon Valley you have companies that are constantly working with each other and competing with each other at the same time. Employees were discouraged from talking about their work with people at other companies. And rather than eschew that behavior and be worried that one company’s going to poach from the other, the idea is that collaboration, that brainstorming, that informal communication, will actually enrich all companies in the industry. LinkedIn and Google employees interact with each other all the time, drive next to each other, go to the same coffee shops, and talk about what’s happening in the industry. And this is true from the one person start up to companies like Google, which obviously have thousands and thousands and thousands of really smart people. Because at least you’re being above board and taking steps to manage the situation.

Managing Up, One Conversation at a Time

“AuditBoard elevated the depth and consistency of engagements with risk teams, process owners, and external auditors, fostering risk-aware insights.” Scale your audit function and become a trusted advisor in the evolving risk landscape.

A) Addition of the risk-based approach to the principles of auditing
O) Conforming with audit program procedures
E) Defining number, scope, location, and duration of audits

What metrics should organizations use to measure internal audit effectiveness?

That really balances that, making sure that you’re giving credit where credit is due, but you’re also making sure that your piece is not lost in there. So you may say something like, it was really wonderful to see how the team pulled together to really get all of that over the finish line. How do you bring that up with your manager? That may mean creating a couple of sample slides that they can present to the senior leadership team on this idea or maybe a template email they can send around.

Food Safety and Quality Management Systems

I can even imagine saying, because if your styles are very much in conflict, saying, “Okay, I hear you, right, that’s helpful to know. And this is where nuance matters, especially if you’re a bit more seasoned in your career, you have more leverage because of your expertise, because of your tenure. I can get into more details after that if you need more.” What this does, it’s not a huge sacrifice for you, it’s not you betraying who you are. Now, if you’re that person, if you just make a little tweak to how you present that to say, “Okay, thanks for meeting with me. And that is not at all what I’m advocating for, that’s going to burn you out. And that refers to one of the stress responses is fawning, which is basically people pleasing, just contorting yourself to the people around you to the point where you lose yourself.

Being able to achieve this demands that you put in place some best practice approaches to internal audit management. In an ideal environment, your internal auditor combines auditing rigor with consulting insight — checking processes while suggesting improvements that help your organization evolve and grow. However, the benefits of effective internal audit management extend beyond mere compliance. Current federal AI governance mandates have also expanded internal audit responsibilities to include artificial intelligence risk assessment and control frameworks. This demands more sophisticated internal audit management approaches than traditional compliance-focused methods.

So, she says, “I’m dealing with a highly emotional boss who often assumes negative intent. Let’s now talk about the second situation, and this is sort of a situation I think where it sounds like maybe managing an audit some of the conversations have happened, but they haven’t quite worked. ” That way, you get objections out early about your readiness, or maybe there’s other people they need to bring into the fold that need to be involved in this decision, and you start contracting around it. That’s why those questions around, how is this tied to the metrics at the leadership level, that’s why all of that is important.

Assigning responsibilities for program management

  • Furthermore, investing in quality LDAR equipment and technology reduces the chances of excessive leaking and ensures a better-quality LDAR program.
  • So, a lot of the conversations I’m having now concern introducing people to our thinking and helping them embrace it, right?
  • Your role isn’t to manage cybersecurity but to provide assurance that management’s approach adequately addresses the risks.
  • The flip side also is that if you put a kill switch in AI and it’s running a nuclear power plant and you kill it, then there’s a risk that you intercept a process which can have unintended consequences.

So when time came for cuts, I was the easiest candidate to let go of. I want to make sure that I’m understanding from a higher level what they’re seeing, what is most important so that I can take that back to the rest of the team, and make sure we’re focusing on the right things.” So first of all, when you make the request for a skip level, make sure your manager understands why are you asking for this? There’s an expectation that you will meet with your manager’s manager somewhat frequently, whereas in other cultures that isn’t as common. There’s also organizational culture here.

You can avoid the stress of random EPA audits by conducting self-inspections of each of your LDAR program levels every three years. We specialize in hiring for accounting and financial audits, making us the ideal choice for businesses seeking top-notch financial audit companies or staff. With a few simple data points, we’ll estimate the improvements in program cost, hours saved, and revenue at risk with AuditBoard’s connected risk platform. Increase visibility into your company’s top fraud risks for proactive fraud management.

What role should internal audit play in AI governance?

If you are in a regulated sector, such as the life sciences, your success in audits determines your success. Regulated sectors and/or larger markets require more audits. For example, if you are in the life sciences sector, prepare for ISO, US FDA, EMA, MHRA, and other regulatory audits. The scope of an audit can apply to an entire organization or be limited to a specific function, step, or process. So we are going to see possible business interruptions if we don’t get our act together. Six years ago when I started, I used to hear about things and took eight days or 10 days and the largest was 47 days, of dwell time for somebody to come in and be in your infrastructure, take the data out.

A conversation with Palo Alto Networks CEO about his approach to innovation as new technologies and risks emerge.

  • An audit management program enables the completion of all the individual audits needed to ensure compliance with the regulatory and organisational obligations.
  • So we have products, I’m sure other people in the market have products that deliver that capability.

This planning phase is essential, as it allows audit operations to be prepared in advance and the audit to start smoothly and professionally. A risk-based approach can be used in many different situations, for example in sampling methods. Appropriate sampling shall be used, which could depend on the size of the organization, for example. In general, an audit shall be based on samples of the information available. They should be able to make reasoned judgements in all audit situations. High-risk areas may require quarterly assessment, while stable low-risk processes might be evaluated every months.

That means paying for trips to conferences, allowing people to take interesting people out to lunch. Meanwhile, the company is investing in employees’ employability. That adaptability is what enables the company to survive and thrive. The company is getting increased adaptability. The only way you can have innovative people is by presenting them with a different way of working together. And we feel that the only way you can really have innovation, is by having innovative people.
