Mind of Jacka: Perception is a Mental Game

Allow me a moment of proselytization. If all you are doing is financial, compliance, and SOX audits, then you are not providing full value and run the risk of being replaced by another department and/or bots. It's not that we should not be doing these types of audits (although I've got a whole 'nother rant about SOX I won't go into right now); it's that, if this is the only work you're doing — the sole reason for your department's existence — then your value-add may be quickly approaching nil.

Internal audit is truly valuable when it spreads its wings and starts understanding, recognizing, and looking into the bigger organizational risks — operations, ESG, human capital, cyber, digital transformation, culture, brand, and, yes, mental health.

If there is one thing the pandemic taught us (and limiting it to one thing is a mug's game, but let's just move on), it is that mental health is an important consideration in our ability to do our jobs. And, while our mental health may take a beating and keep on ticking, it is still a fragile aspect of the human condition. The pandemic was not kind to us. And now, as everyone recognizes that the good ol' days are only a couple of years ago and that everything we thought about business has been turned on its head, people continue to struggle with what this means for how they will work, where they will work, and how their lives are changing. These changes have an impact on the way organizations get things done, on employees' mental health and wellness, and (as Sharmila intimates) the successful achievement of the organization's objectives.

Successful achievement of objectives. Ring a bell? As stated in the IPPF, "[Internal audit] helps an organization accomplish its objectives..." And, if employees' mental health is impacting the achievement of objectives, then it is obvious internal audit should take wellness/mental health into account as it looks at risks.

But then we get to the tricky part — how the organization perceives the internal audit department. Is the review of a squishy area like mental health in line with the work the department has been doing, or would it be as foreign and alien to your audit department as a request for a trip to Tralfamadore to check on Billy Pilgrim?

So, to begin reviewing an important area like mental health and wellness, you must understand the perceptions and position of internal audit within the organization and take the appropriate approach. If this type of work is already in your department's wheelhouse, then dive in. Explore the issues, the surrounding impacts, and the organization's understanding of the risk and its responses. However, if your department has only recently been allowed to look into these soft areas (culture, human capital, reputation, etc.) then tread carefully. That's not to say that you shouldn't be exploring risks related to mental wellness, but coming at it full force may not be the best way to maintain the department's ability to expand its reach. You need to recognize the temperament of those in charge (your audit committee and the organization's executives) to best understand how to introduce internal audit's interest and concerns regarding mental health and wellness.

And if you are a strictly financial/compliance/SOX department that is looking to expand your impact/value, then this may not be the place to start. Walking into the audit committee and saying you are going to start reviewing a soft area like mental health can result in stony silence, laughter, an immediate review of internal audit leadership, or all of the above. Instead, find the operational audits that will best get your feet in the door. Note that you don't have to ignore wellness/mental health. In fact, you can start asking related questions during operational reviews. And, if you get some good stuff, you may be able to completely open that door.

All said and done, the risks related to mental health and wellness are important issues that internal audit should consider. And it is important to understand if the organization has recognized and is addressing those risks. But your department's ability to look at the risk, react to the risk, and, most importantly, report on the risks depends on the status and perceptions of your department within the organization.

So, again, the quick easy answer is that, yes, mental health and wellness should be considered as a risk worth reviewing. But everyone's approach must be tailored to their specific circumstances. Ultimately, no matter your status, situation, or perceptions, there should be nothing stopping you from some type of foray into this important area.

And one more thing. Up about paragraph six or so, I was outlining some bigger organizational risks that audit shops should be considering. Did you read those and smugly think, "Why yes, we are going in those directions." Looking again, how many of them are you really considering? When you talk about your shop being innovative and looking at broader risks, does that mean you are really looking at the new risks — or even at the old risks in new ways? It's easy to say your department is reaching new heights, but it is always a good idea to occasionally check to make sure those heights are actually high.