Working With Internal Auditors
Blogs Abdullah Al Mahmun, CIA, CMA Apr 28, 2026
For clients, understanding how internal auditors think can help them be better prepared when the next auditor walks in with a serious face and long list. Audit functions can train employees on what to expect from an audit by holding workshops or posting information on an online portal. The internal audit team may even consider doing this during the month of May for Internal Audit Month.
One simple way to explain the process and expectations is with a list of Dos and Don’ts. This is my list; depending on your organization’s culture, your list may look different. These are practical ways to make the audit client’s experience smoother and help them better understand the process.
Dos
1. No information is ever informal.
Audit clients might think what they say to an auditor “off the record” will stay between the two of them. It may still be used if it’s relevant and credible, sometimes without naming the source. Assume nothing is casual. It will save the client from surprises later.
2. Review the requirement list carefully.
If it’s not a surprise audit (like cash or inventory counts), auditors usually send a notification and a list of requirements in advance. That list matters. Requests are rarely random; they point to areas that will be tested. Reviewing the list and preparing the right documents early makes the process easier for everyone.
3. Understand the objective and scope of the audit.
Always ask what the audit is about and what it covers. It’s a fair question. Sometimes auditors go beyond the scope, not to cause trouble, but because something catches their attention. Knowing the boundaries helps the client prepare and, when needed, bring the discussion back on track.
4. Know the audit stage and context.
It helps to know what stage the auditor is in, whether they are planning, doing fieldwork, or discussing observations. Each stage has a different focus and understanding this helps clients manage expectations and respond appropriately.
When audit points come up, clients should look at them in the context of the business. Ask whether the observation genuinely adds value or addresses a real risk. If it does, treat it as useful input. If it does not make sense for now, it is reasonable for the client to say so, including stating that management has accepted the risk, if the response is honest and reasoned.
5. Know the organization’s policies and procedures.
Auditors usually start with policies. They want to know whether they exist, are updated, and are followed. Missing or outdated policies are easy findings or “low-hanging fruit.” Clients should make sure their team understands what’s written and what’s actually practiced and is ready to explain any gaps.
6. Know your boundaries.
Making unnecessary comments outside the person’s role just to sound knowledgeable is not a good idea. If something doesn’t fall under the employee’s responsibility, it is perfectly fine for him or her to say, “I’m not the right person to answer that.” That is not being uncooperative; it is being professional.
7. Assess the auditor’s objectivity.
Auditors are expected to identify issues and areas for improvement. They’re often assessed on the value and insight they bring, and management usually expects something tangible in the report. That’s why fully “satisfactory” reports are uncommon.
When everything looks perfect, the question naturally comes up: Did we really audit enough? At times, this expectation can narrow the focus and miss the bigger picture. If an observation feels impractical or one-sided, the client should challenge it. Professional auditors expect and respect this kind of discussion.
Don’ts
1. Don’t take audit issues personally.
It’s natural for audit clients to take pride in their work, especially when they have been involved in decisions for years. Over time, certain practices start to feel “normal.” An independent view often highlights what insiders no longer notice. Taking findings personally shifts focus away from the real objective: improvement. Professional clients separate themselves from the audit issue.
2. Don’t delay information on purpose.
Auditors work on timelines. Intentionally delaying responses or ignoring emails does not help. It only creates tension and leaves a bad impression, even if the client’s intention was just to buy time.
3. Don’t mislead or distract.
Trying to divert auditors toward irrelevant areas or give misleading information usually backfires. Remember, Auditors have seen this tactic before and can tell when it’s happening.
4. Don’t flood auditors with unnecessary documents.
Sending excessive documents doesn’t confuse auditors; it slows everything down. Share what’s relevant. The goal is to keep the process meaningful, not exhausting.
We’re on the Same Team
Internal auditors are not opponents; they are part of the same system working toward improvement. In most cases, we genuinely appreciate when clients acknowledge and value the points raised. The best audits are built on mutual understanding and respect.
At the end of the day, working with an auditor is not about avoiding findings or hiding issues. It’s about professionalism, transparency, and building sound governance.