Mind of Jacka: Decisions, Decisions
Blogs Mike Jacka, CIA, CPA, CPCU, CLU Nov 14, 2024
I remember the first time our internal audit department told executive management we were considering strategic-level audits. I remember it vividly because their reaction precipitated one of California’s major earthquakes. Okay, I overstate the reaction. But suffice to say that there was an immediate knee-jerk reaction from leadership that our conducting such audits was not a good idea. In fact, “No way!” best summarizes their reaction.
The crux of their argument? “Who do you think you are to conduct audits that question our strategies?!!” After the rolling and shaking subsided, we explained we were not trying to question those strategies. Rather, we were going to look at the processes involved in developing the strategies — the processes and information used in making the decisions, as well as the processes and information that would be used to monitor success.
Some calmed down; others still didn’t buy it.
So, we began with one of the clients who not only calmed down but was glad to accept our presence. This was a review of the organization’s strategy regarding social media, and we had positive results. We found that individual departments had a good handle on things, but there was no overall organizational strategy — no way to align everything that was being done and to ensure the organization’s overall objectives and strategies were being achieved. Note that, as promised, we were not questioning the strategies but determining how those strategies were developed and how they aligned with other organizational strategies.
Over time, we didn’t do a lot of strategic-level audits. They take a lot of time and a lot of client buy-in. But the few we completed were well-received and impactful.
As mentioned previously, one of the things we were looking at was the actual process used in building these strategies. Ideally, we would find out who was involved, the information used, and how the information and decisions moved through the chain of command. Was this a quick process? Was it a thorough process? How was information vetted? Was the final strategy based on the preceding, or did it just happen because of someone’s whim? (Someone important, for sure, but a whim nonetheless.)
I still see some of you shaking your heads. “Nope, not gonna happen on my watch.” And I’m not here to convince you. We can meet at the bar later and discuss.
But there is an aspect of this type of audit that all internal audit departments should embrace within all audits — the assessment of processes used in decision-making. You may, to some extent, already be doing such reviews without really thinking about it. But it needs to be front of mind in all our work.
Within every department, many decisions are being made. And within every process, multiple decisions are being made. And we need to recognize that these decisions are more than a diamond on the flowchart with a choice of “yes” or “no.” There is always something grey behind these decisions where people must determine the best path. And we need to not only recognize them but determine how they impact the objectives of the process, the departmental objectives, and even the organizational objectives.
So, all of the above speaks to two things. First, you may want to be (you should be) more involved in strategic-level audits. They can be some of the most impactful and valuable audits you conduct. But, as important as these may be, there is the second point. We need to focus on decision-making in every audit we perform.
And while we’re at it, maybe we should take a look at the decisions we are making in our own operations. In all things, auditor, audit thyself.