What value are you offering these days?
This is probably the most important question management is asking these days. Functions and activities that don’t add value are outsourced. Quality, operational, internal, and financial audits are outsourced if they don’t add real operational and managerial value.
Value means different things to different people. What is important to one organization may be different to another. One company’s best practice may be another company’s standard operating procedure.
Today, audit value comes from managing risks, measuring operational effectiveness, and assuring stakeholders business requirements are satisfied. Also, periodic assessments provide trend lines to determine improvement and identify performance gaps. New issues arise. Processes, systems, and products are better understood. Risk correction, prevention, preemption, and prediction are emphasized. Mistakes are detected and controlled further up the value chain. Business objectives are operationalized. Risks are managed. Opportunities are found. Priorities are refocused.
AUDITING CROSSROADS
Internal and quality auditing have matured and are at a crossroads. In the early days, internal auditing was successful by adding credibility to financial statements. The concept of internal financial control became institutionalized in many organizations and became fundamental to most management decision-making.
But things change. Critical stakeholders now aren’t happy with the value they are receiving from financial statements. Why? These statements often reflect a situation that is three months or a year old. This seems like an eternity in today’s rapidly changing market. Operational and management data are poorly represented in the statements. Financial analysts and investors want more reliable and accurate financial and most importantly operational data. How do they get this? The term that we are hearing a lot today is ‘value added audits.’
We wrote a book on this topic several years ago. Why did we choose the term ‘value added auditing’ for this book? Traditional internal auditing, quality auditing, environmental auditing, ISO 9000 systems auditing and other types of auditing are being integrated into a unified body of assurance, assessment, and consulting services.
INTEGRATION OF INTERNAL AUDITING AND QUALITY AUDITING PRACTICES
All organizations seem to have gone through at least one reengineering or reinvention cycle. What adds and detracts value is being looked at ever more closely. Value detracting activities are eliminated. So, we’re beginning to see the integration of quality auditing and internal auditing into a generic value added auditing model of partnering, process assurance, and risk management services.
Internal auditing, quality auditing, and other internal assurance/control functions are being reinvented. We’re seeing more cross functionality, where many assurance functions including security, safety, environment, quality, customer-supplier evaluations, and internal auditing are being subsumed under an Internal Auditing or Risk Management organization. This group consists of a multidisciplinary group that provides best practices, internal auditing, consulting, and regulatory compliance auditing.
The term ‘quality auditor’ is even changing in some organizations. Some organizations are calling the function ‘business assurance.’ Quality auditors, environmental auditors, operational auditors, customer-supplier auditors, or systems auditors, and internal auditors will have simply one title – auditor.
IT’S ALL IN A NAME!
Labels are important. They denote status, respect, level, authenticity, confidence and even fear. The word ‘audit’ implies an overview and to some even a policing of activities. There is much discussion on what to call value-based audits: management audits, performance assessments, risk audits, or process audits. In our organization, we chose ‘value added audits’ as our preferred term largely as a result of the Institute of Internal Auditor’s adopting the following definition of internal auditing:
“Internal auditing is an independent, objective assurance and consulting activity designed to add value (our emphasis) and improve an organization’s operations.”
Also, Enron, WorldCom and even 9/11 changed the emphasis of auditing from an ‘after the fact’ review to one that focuses on prevention, managing risk, reducing waste, and in other words ‘adding value.’ Adding value also became the mission and purpose of all auditors, regardless of their background, discipline, and focus.
FUTURE OF QUALITY AUDITING
The Institute of Internal Auditors’s standards allow auditors to serve as internal business consultants if the consulting activity has been defined in the audit scope and brief. This dual role is new to many auditors who have conducted arms-length compliance audits, where there has been an ‘objective and independent’ firewall between auditee and auditor.
This has now changed as auditors with extensive and intensive knowledge of the organization can add value to the audit customer as well as the auditee. Also, the IIA offers this vision of the future of internal and value added auditing:
“Internal auditors are ‘business generalists’ who specialize in efficiency and effectiveness for the good of the organization and its shareholders. Their roles include monitoring, assessing, and analyzing organizational risks and controls; and reviewing and confirming information and compliance with policies, procedures, and laws. Working in partnership with management, internal auditors provide the board, the audit committee, and executive management assurance that risks are held at bay and that the organization’s corporate governance is strong and effective. And, when there is room for improvement anywhere within the organization, the internal auditors make recommendations for enhancing processes, policies, and procedures. In short, internal auditors can be the difference between organizational success and failure.”
Bio:
Greg Hutchins PE and CERM (503.233.101 & GregH@QualityPlusEngineering.com) is the founder of:
CERMAcademy.com
800Compete.com
QualityPlusEngineering.com
WorkingIt.com
He is the evangelist behind Future of Quality: Risk®. He is currently working on the Future of Work and machine learning projects.
He is a frequent speaker and expert on Supply Chain Risk Management and cyber security. His current books available on all platform are shown below:
