Improving Audit Quality Through Client Understanding

𝐒𝐓𝐎𝐏 𝐋𝐎𝐎𝐊𝐈𝐍𝐆 𝐀𝐓 𝐒𝐏𝐑𝐄𝐀𝐃𝐒𝐇𝐄𝐄𝐓𝐒. 𝐖𝐀𝐋𝐊 𝐓𝐇𝐄 𝐅𝐋𝐎𝐎𝐑 While sitting at breakfast at a hotel, a gentleman approached me. He asked how I was doing, if my stay went well, if this was a holiday or a business trip, etc. Later on during cocktail hours: same. He stopped briefly for a quick chat at almost every table. It was the hotel´s GM. He told me that “walking the floor” was the favourite part of his job. “You don´t manage a hotel by looking at spreadsheets. This is a people´s business”. I couldn´t agree more. And you won´t be astonished one bit that I see tons of analogies to internal audit. Plus, I wholeheartedly believe that IA is a people business. For sure, there´s a lot of screen work to be done in any IA project. But the most important information often doesn´t come from spreadsheets or interviews. The most critical information is often gained by walking the floor. Because that´s where you get the chance to understand how a company “ticks”. Plus: it´s more fun 😊. Here are a few ideas of what´s in store for you when you do more “walking the floor”. Spoiler alert: it´s win-win for you and your client! 𝐈𝐦𝐩𝐫𝐨𝐯𝐞𝐬 𝐚𝐮𝐝𝐢𝐭 𝐪𝐮𝐚𝐥𝐢𝐭𝐲: ✅ Broadens business insights ✅ Learn about risks that aren´t visible through audit work ✅ Get hints about complaints or tip-offs ✅ Sense the culture of the organisation ✅ Fills knowledge gaps about a business process ✅ Validates process reality in the field ✅ Improves recommendations by sounding out the field 𝐇𝐞𝐥𝐩𝐬 𝐭𝐡𝐞 𝐚𝐮𝐝𝐢𝐭𝐨𝐫 𝐠𝐫𝐨𝐰 𝐩𝐞𝐫𝐬𝐨𝐧𝐚𝐥𝐥𝐲: ☑️ Trains communication skills ☑️ Boosts curiosity ☑️ Gets you feedback ☑️ Keeps you grounded ☑️ Broadens your network ☑️ Builds influence through visibility ☑️ Builds trust – proves that auditors are human beings :-D ☑️ Is fun 😀 𝐇𝐞𝐫𝐞´𝐬 𝐡𝐨𝐰: ✳️ Ditch hierarchy ✳️ Get introduced to as many people as possible ✳️ Introduce yourself ✳️ Stop at open doors and say hi ✳️ Ask to see as much as possible of the “real” business: walk around the factory, visit a laboratory, visit the warehouse, visit the studios... ✳️ Ask if you can join a local team for lunch ✳️ Stay for a chat in the coffee corner ✳️ Be attentive to hints for personal interest (pet photo on desk? car brand on key chain? kid´s drawing on the wall?). These are a super-easy ways to start a conversation ✳️ Invite your client to dinner ✳️ Build rapport with receptionists, drivers, assistants... They know everything In short: don´t waste any chance of informal interaction for a more insightful (and more pleasant!) audit experience. ‼️ A word of caution: think twice before feigning interest. It´s usually very transparent and could have the opposite effect: people shut up. Because most people hate fake. I am most curious: what other advantages do you see in walking the floor? And what´s your strategy in doing so? Repeat with me: let AI look at the spreadsheets. Use the saved time to walk the floor.

𝗪𝗵𝗮𝘁 𝗜 𝗪𝗶𝘀𝗵 𝗜 𝗞𝗻𝗲𝘄 𝗶𝗻 𝗠𝘆 𝗙𝗶𝗿𝘀𝘁 𝗬𝗲𝗮𝗿 𝗼𝗳 𝗔𝗿𝘁𝗶𝗰𝗹𝗲𝘀𝗵𝗶𝗽 𝗟𝗼𝗼𝗸𝗶𝗻𝗴 𝗯𝗮𝗰𝗸, 𝗜 𝘄𝗶𝘀𝗵 𝘀𝗼𝗺𝗲𝗼𝗻𝗲 𝗵𝗮𝗱 𝘁𝗼𝗹𝗱 𝗺𝗲: "Don’t just focus on tasks. Focus on understanding the client’s business.” In my first year, I was caught up in processes: → Filing tax returns. → Performing audits. → Checking boxes. No one told me to step back and ask, "Why does this business operate the way it does?" After clearing CA IPCC (now CA Inter), I joined a mid-sized firm in my hometown. At first, my focus was simple: "Finish the tasks. Learn the steps." But then, something changed. I started looking beyond the numbers. I began asking questions: → "How does this business really work?" → "What’s the story behind these financial statements?" By my third year, my perspective shifted completely. Handling tax scrutiny cases became fascinating. But what excited me the most? Conversations with the client’s top management. We weren’t just talking about numbers anymore. We were discussing decisions. Big decisions. That’s when I realized: I didn’t want to just "know" financial statements. I wanted to solve problems. I wanted to add value—across industries and businesses. Why This Matters... The way we file tax returns or perform audits will change. But the knowledge you gain about businesses? That stays with you forever. Here’s the truth: When tax laws change, a good CA doesn’t lose work. Their value isn’t tied to a specific law. It’s tied to their understanding of businesses. Think about it—GST replaced VAT and Service Tax. One day, GST might also be replaced. Change is inevitable. But the skills you build today will prepare you for tomorrow. Morale: A good CA doesn’t just tick boxes. They understand how businesses work. Looking back, I’m grateful I made the effort to learn beyond the numbers. It’s a lesson I carry with me every day I'd love to hear about your own experiences! And do share this with your friends who might find it useful! #Linkedin #career #Growth #ca #Linkedinforcreators #articleship

Case Study: A Complex IT Audit That Changed My Career Early in my IT Audit journey, I was asked to lead an IT audit for a client with one of the most complex IT environments I had ever seen. Dozens of interfacing systems, legacy applications talking to modern cloud platforms, and limited documentation—it was a maze. I won’t lie—I was nervous. I had the basic audit experience, but this engagement required much more: • Deep understanding of data flow across interconnected systems • Ability to evaluate interface controls and data integrity risks • Confidence to lead walkthroughs with senior client-side IT teams Here’s What I Did to Succeed 🔹 1. I Took Ownership Early Rather than panic, I broke the engagement into pieces. I mapped every system, interface, and process on paper—almost like building a personal audit blueprint. 🔹 2. I Got to Work on My Gaps I spent nights and weekends learning: • System interface risks • Data integrity validation techniques • How to audit in hybrid environments Platforms like ISACA’s knowledge center, YouTube, and even internal firm materials became my best friends. 🔹 3. I Asked Questions—A Lot of Them From senior colleagues to client-side SMEs, I wasn’t afraid to admit what I didn’t know. I learned fast, built relationships, and gained trust. 🔹 4. I Stayed Close to the Details I didn’t delegate blindly. I reviewed configurations, traced system interactions, and validated assumptions with the client team—turning complexity into clarity. The Outcome? The engagement was a success—clean findings, happy client, and valuable insights delivered. But more importantly, it gave me confidence. Confidence to say “yes” to harder tasks. Confidence to lead teams through ambiguity. And confidence to believe that no system is “too complex”—as long as you’re willing to learn. 💬 Final Thought That experience taught me that the biggest career growth often hides inside the scariest challenges. Have you ever taken on an audit or project you felt unprepared for—but came out stronger? I’d love to hear your story. Let’s learn from each other 👇 #ITAudit #CareerLessons #GRC #AuditLeadership #Big4 #ComplexSystems #RiskAssurance #AuditConfidence #EarlyCareerGrowth #PwC #AuditCaseStudy

Just spent the last two mornings leading an audit where my client was being audited by their biggest customer (one of the largest companies on the planet). The result? Audit time cut in half. No findings. Here’s how I did it: Take their audit plan and own it. No fluff, just a mirror image of their audit plan, in their words, mapped directly to your evidence. Build a slide deck that leads them step by step through their own plan. No distractions. No unnecessary filler. Link evidence directly. Every control, every requirement should have a clear link to the exact evidence that supports it. Screenshots, logs, tickets - each one connected to the policies and procedures that instantiate them. Don't make them hunt for it. Take them straight to the answer. Expect the unexpected. Have supporting documentation at your fingertips. Dry run it multiple times. Click every link before the meeting. Nothing kills momentum like fumbling for evidence while an auditor waits. Be transparent, show maturity. Own your weaknesses, show where you’re improving, and demonstrate continuous progress. No one expects perfection, but auditors respect teams that have a plan and can articulate how they are leveling up. Enable business, reduce friction. Security isn’t just about stopping the boogeyman; it’s about keeping your client’s revenue flowing. If a customer’s audit stalls their ability to sell to their biggest client, that’s a business risk. Good security and compliance removes barriers, builds trust, and keeps deals moving. The result? The auditors said more than once: “Thanks for the preparation.” Preparation and readiness win audits. Preparation keeps revenue moving. Preparation is the difference between friction and enablement. Stop treating audits like a defensive exercise. Own them. Lead them. Control the narrative. #AuditReadiness #Compliance #ciso #dpo #security

"This is one of the best audits I've ever seen in my career." When a pharma company tells you that, you know you've uncovered something valuable. 🎯 Because most companies expect an audit to expose problems with their writers. We exposed something different: a system that was setting everyone up to fail. Here's what we uncovered: 📊 - Writers focusing on grammar when they needed to focus on critical thinking - Reviewers pressured to approve without providing meaningful feedback - Quality teams trying to maintain standards without proper tools - Everyone wanting better results but lacking the roadmap to get there The real insight? 💡 They were trying to standardize documents without standardizing the thinking behind them. Problem is, most pharma companies face these exact challenges: - Multiple reviewers with conflicting feedback - Endless revision cycles eating up valuable time - Documentation that doesn't meet regulatory standards - Teams frustrated by unclear expectations But here's what made this audit different:  We didn't just identify problems. We revealed opportunities. ⚡ The solution wasn't about "fixing bad writers." It was about creating: - Templates that guide critical thinking, not just formatting - A review process built on clear expectations and scientific principles - Standards that both writers and reviewers understand and trust - Tools that enhance quality, not just enforce rules - A system customized to their specific challenges And, of course, teaching the kind of contextualized critical thinking that ensures they’re conceptualizing the task in the right way before they even begin. Our science-based approach didn't just fix their documentation. It transformed their entire approach to technical communication. 🧪 Because when critical thinking drives your writing process... When your review system actually supports quality... When your tools enhance understanding instead of just enforcing formats... That's when documentation becomes your competitive advantage, not your bottleneck. 🚀 Bottom line: Your teams are smart. Strategic. Capable. They just need the right system to succeed.

One of the most frustrating scenarios in Internal Audit shows up during audit reporting. But it’s almost always caused during planning. You’re nearing the end of an audit project when the executive sponsor finally gets involved—only to question the scope, challenge the relevance of the issues, or worse, suggest you audited the wrong things entirely. We’ve all been there. Or certainly I have been. In the old-school way, this was just seen as the price of being an “independent” function. Audit teams would speak with the process owner, design the audit program, and carry out the audit—often with minimal engagement from senior leadership until it was too late. Most audit teams include obtaining feedback and sign-off on project scope from their audit customers as a key planning step. Others send an audit planning memo outlining their notes from planning meetings, informing their audit customer of their proposed scope. Modern Internal Audit teams are evolving beyond this. They’re not just informing executive sponsors about scope—they’re actively involving them. They’re proactively asking for feedback and soliciting advice: 🔍 What would make this audit valuable to you? 🔍 Is this scope important to you? Why or why not? 🔍 How would you go about this audit, or test step, differently? 🔍 What areas would you like us to focus, and provide feedback, on? These activities are important because they not only CYA from the problem outlined above from happening. But they also force you to have more engagement with your audit customers, in turn providing the internal audit team richer insights into the process, risks, and desired outcomes—often leading to more relevant, impactful audit findings. There’s a lot of talk in our profession about becoming “trusted advisors.” But that trust isn’t earned by doing great work in isolation. It’s built through: 💡 Intentional relationship-building 💡 A deep understanding of the process being audited 💡 Proactive feedback loops If your audit team isn’t prioritizing the audit customer, and specifically, the executive sponsor of the audit's input during audit planning—its a step worth considering to add your methodology. Because the best audit reports don’t just reflect a well-executed audit plan. They reflect real alignment with the business. Internal Audit Collective #InternalAudit #SOX #EnablingPositiveChange

Hello Everyone, It is said that half of Internal Auditors work is done if effective questions are asked and process is understood properly. This is a crucial skill required by Internal Auditors. It enables auditors to identify the potential risk and undertake assessment of internal controls & its effectiveness to mitigate those risks. I feel following tips might be useful: # The thumb rule is always allow the auditees to speak and open up. Make them comfortable and give them assurance that this excercise is for their benefit. # before initiating do your basic homework. they will judge you initially & if you ask smart questions or show basic awareness you will earn their respect. # understand the department's structure, job profile, roles and responsibilities, trainings imparted. ask about recent developments and changes initiated or undertaken in the department. # always initiate the discussion with open ended questions (read with 1st point). # Feel free to pause them and ask specific questions about process, risk and controls. otherwise you will miss out key elements and they will not want to tell you everything. ask them to show you the reports / records sample if required. # the whole purpose of this discussion is to focus on risks, controls and compliance. ask them to know their understanding and views about these, how they are managing it. dont forget to assess the IT Controls and Segregation of Duties while understsnding the processes. # perform walkthrough along with them. ask them to show the IT flows. sometimes risk are assessed when performing walk throughs. they may not even be aware of the impacts of the steps undertaken. # Never ask leading questions or you should never say the controls to get affirmative response from auditees. this may result in wrong process understanding or things may get missed. ask them what risk they anticipate and how they ensure controls. # get clarity if something is not understood, get a confirmation of your understanding as sometimes what they say and what we understand may vary. # give them respect. always be courteous and professional, earn their trust and respect. this is time to build relationship. # it is also important to remember that questions or discussions should be in accordance with the auditee level. higher the designation the discission should be more strategic and overall. # documentation is the key. entire interview should be noted and sample documents obtained. certain issues are control design level deficiency so this documentation helps. # share the document (minus the risk assessed) to the auditee for their confirmation. even if they do not revert, it can be taken as final. # ask about possible legal and compliance applicable to the department. this is very critical and also assess if they are aware of the changes in laws. With effective interview the key risks and controls will be identified and assessed. happy auditing Soneel

𝗔𝘂𝗱𝗶𝘁𝗶𝗻𝗴 𝗳𝗼𝗿 𝗨𝗻𝗱𝗲𝗿𝘀𝘁𝗮𝗻𝗱𝗶𝗻𝗴, 𝗡𝗼𝘁 𝗝𝘂𝘀𝘁 𝗙𝗶𝗻𝗱𝗶𝗻𝗴𝘀 A gardener does not walk the garden looking for broken branches alone. They look for patterns. Why one corner struggles while another thrives. What the soil, the shade, and the season are quietly revealing. In audit, it is easy to slip into hunting for findings. Exceptions. Gaps. Deviations. But findings without understanding rarely change anything. Judgment matures when we move beyond what is wrong to why it is happening. When we stop asking only “Does this comply?” and start asking “What is this system trying to do and where is it breaking down?” Auditing for understanding means seeing the system as a living whole. Processes, people, incentives, culture, pressure, and trade-offs. It means resisting the comfort of checklists when the situation calls for sense-making. This is where intuition, evidence, and accountability converge. 𝗜𝗻𝘁𝘂𝗶𝘁𝗶𝗼𝗻 helps us notice that something is off. 𝗗𝗮𝘁𝗮 helps us explore how widespread it is. 𝗝𝘂𝗱𝗴𝗺𝗲𝗻𝘁 asks what it means and what would actually help. When auditors focus only on findings, conversations become defensive. When they bring understanding, conversations become developmental. This week, reflect on: 🌿 Where might a focus on findings be limiting deeper insight? 🌿 What questions would help you understand the system, not just test it? 𝗛𝗼𝘄 𝗰𝗼𝗮𝗰𝗵𝗶𝗻𝗴 𝗰𝗮𝗻 𝗵𝗲𝗹𝗽. Coaching supports this shift. Coaching invites auditors and leaders to slow down, explore assumptions, and hold multiple perspectives at once. It helps teams move from proving points to building shared understanding that leads to wiser action. This post continues the From Intuition to Judgment arc, where sensing becomes evidence, evidence becomes meaning, and meaning prepares the ground for responsible action. ----- 📎Week 29 of a 52-week reflection series inspired by The Gardener of Governance™ (Lenz 2021), a reimagining of internal auditors as gardeners who nurture culture and systems where ethics, sustainability, and meaningful accountability can grow. Dr. Rainer Lenz, Kim Klarskov Jeppesen (2022), Barrie Enslin (2025) 🌿 This series also reflects the spirit of The Evolving Auditor, a movement rooted in coaching that seeks to elevate the human spirit behind the profession and develop the mindsets and skills needed for thriving organizations and thriving professionals. 🌱 If you've missed the reflections from previous weeks, this page is a living collection, updated weekly, where you can find 𝗮𝗹𝗹 𝗽𝗼𝘀𝘁𝘀 𝗶𝗻 𝗼𝗻𝗲 𝗽𝗹𝗮𝗰𝗲. (Link in the comments) 🔖 #TheEvolvingAuditor #TheGardenerOfGovernance #AuditForUnderstanding