Skip to Content

​Get To Know Your Customers Day

Articles Mike Jacka, CIA, CPA, CPCU, CLU Oct 21, 2021

Did you know that today (as this is posted) is "Get To Know Your Customer Day"? No? Seriously?

How could you have missed so monumental and important a day? Well, to be honest, I wouldn't have known either except that it popped up on my National Day calendar. Apparently, it is celebrated the third Thursday of every quarter and you can learn more here.

Get to know your customers. What a great idea. And isn't it fascinating that the concept is so foreign to some people that a day has been identified to specifically emphasize the need — a day that is celebrated quarterly.

Which raises basic questions every audit department should be asking. Do you know your customers? Do you talk to them? Do you understand their business? Do you know the risks they face and the associated responses? Can you explain what they do and how it impacts the work you do? And the most basic question — one some audit shops never ask — do you know who your customers are in the first place?

All good, valid questions — questions that are the foundation for understanding our clients. But, as deep and complex as these questions may be, they are only the beginning. Really knowing our customers takes more digging, and more work.

In the description of Get to Know Your Customer Day and an associated article, the authors provided some suggestions on how to better know one's customers. Some of these suggestions are obvious. But others, at least when viewed through the lens of internal audit, take on a different perspective. Let's explore a few.

Ask your customers questions. This may fall in the "Tell me something I don't already know" category, but do you actually ask your customers questions that are important to the customer? Or do you only ask questions that are important to you? The article continues, "Find out what services and products they need." Have you thought in terms of services and products you might supply to fill the customer's needs? Not just doing audits, but services and products that internal audit might provide to add value to the customer.

Follow up on a purchase. I'm going out on a limb here, but I'm guessing that, if there is any follow up after the audit, it takes the form of following up on corrective action or sending out a survey. We'll get to surveys in a second, but do you actually talk to the customer after internal audit services are provided to determine if those services worked for that customer? Such conversations, done correctly, will not only show what is right or wrong with the services being provided, but will also provide a better understanding of the customers themselves.

Conduct a Survey. A lot of internal audit shops send out surveys. However, most of those departments seem to do little more than collect the data as a measure of success. "This pie chart will show that we succeeded by reaching our goal of an average survey result of 3.1415926." Such measures are, essentially, meaningless. And they do nothing for the customer. For surveys to have meaning, two things should take place. First, ensure customers know the surveys are taken seriously by internal audit leadership. If you do not get a response, follow up. And continue to follow up (nicely), taking those requests up the internal audit chain of command, as necessary, to demonstrate that leadership cares about the results. Second, when you get those results, follow up with the respondent — particularly if the survey indicates there may be issues. From personal experience I know that such follow-ups make a difference in working with customers in the future (See "Follow up on a purchase" above).

Network with other businesses. In our case, "other businesses" would be networking with other audit departments, something the profession does pretty well. In particular, most of us use IIA meetings, conferences, and seminars to learn how other audit departments get their work done. But how many of us are using those opportunities to learn about best practices in getting to know the customer?

Create a Customer Profile. As you learn about your customers, start keeping a record about them — what has worked; what hasn't worked; how they respond; their likes, dislikes, backgrounds, hobbies, interests, etc. Note that it is a thin line between informative and creepy/illegal. But walk that line and you will have information that can be used by anyone in the department to better interact with customers. (To get more information on this approach, look up Farley files.)

Hold a Special Event. I've told this story way too many times, but it is good and worth repeating. We would hold an annual internal audit open house. Trust me, offer free food and people will show up. We would have lines out our doors as we met and greeted people. We recruited new auditors, we had requests for audits, we put faces to our clients, and the clients put faces to the internal audit department. And, ultimately, we built rapport. They got to know us, and we got to know them. For you, a special event might be an open house, a poetry slam (yes, we did that once), selling off sections of the wall outside your office to be painted to raise money for a charity (did that one too), or anything else you can think of that puts a human face on internal audit while helping you learn about your customers. Find what works for you and do it.

Here's the ultimate point. We use the word client, we use the word auditee, we use the word … well, I can't use that word in a family blog post. Call them anything you want, but they are all customers. And we have to learn to reach out to them not as auditees, not as clients, not as people who have to accept our services, but as customers whose needs we can fulfill. That means making the effort to do more than just audit them; it means reaching out as one group of human beings to another to understand their motivations, needs, and the ways we can all work together to succeed.


  • When it comes to the purchasing of services per hour — lawyers, IT developers, consultants — how often are organizations overbilled? How can an organization find the right balance of trust and control? Organizations risk playing a “catch me if you can game” with contractors unless the environment encourages fair reporting of spent hours. Internal audit’s role is to review the process of hour validation and determine whether hours can be verified, at least to a reasonable extent. 
  • Operational-level management is usually overwhelmed with important daily issues, so it is difficult to get managers to take an interest in a potential fraud risk. When they read an internal audit report that raises a red flag about something that has not happened — but might — they might not care nor understand the seriousness of the risk. Rather than point out lack of caring, internal auditors should suggest additional controls or work toward reaching a compromise that satisfies both parties.
  • Collaboration with a contractor that acknowledges fraud is unlikely to happen often — if at all. If the contractor has already made up its mind about how much it is going to reimburse, any collaboration promises are likely to be empty declarations. Also, internal audit should keep in mind that there is likely a specific reason why a contractor wants to acknowledge fraud. The best-case scenario is that the contractor is embarrassed of its findings and wants to avoid bad publicity. The worst case is that it is trying to cover up something much bigger and wants to voluntarily return a small part of what was stolen from the company to avoid litigation and prosecution.
  • When circumstances require internal audit to collaborate with outside parties where conditions or other information is exchanged, it should include legal counsel to avoid any unwanted damage to the company, such as disclosure of confidential information. It’s important for internal audit to know when to step back as a trusted partner.

Mike Jacka, CIA, CPA, CPCU, CLU

Co-founder and Chief Creative Pilot, Flying Pig Audit, Consulting, and Training Services (FPACTS), based in Phoenix.