As internal auditors, we each face different challenges and our resources, responsibilities and, ultimately, approaches will be unique. But we all endeavour to take on board the latest best practice, and there is much we can learn from one another.
As a one-man-band internal audit and risk function in a fairly small organisation, I approach internal audit in a way that is probably not typical. Working with no staff has a number of advantages and disadvantages. On the plus side, you have the opportunity to set your own agenda – providing that the audit committee approves your audit plans – and to decide which parts of the business to spend time on. It also means that you have hands-on experience of, potentially, every aspect of the organisation you work for.
With no staff available to delegate work to, of course, there is also no getting away from the more mundane parts of the job. But, having also been in the position of having to manage some 35 internal audit staff, I know that this comes with its own set of time-consuming challenges and frustrations – among them, performance reviews, disciplinary proceedings and various HR administration tasks.
Clearly, no internal auditor operating alone is going to be equipped with all the necessary skills to cover every aspect of a business such as the Economist Group. On the other hand, in an organisation as small as mine, I am never going to have the luxury of a team of specialist auditors in fields as varied as IT, HR, finance, treasury, fraud investigation, project management, advertising, marketing, fulfilment, production, circulation and distribution, to do the job right. But I have found ways around these problems. I have free rein to buy in professional services in specialist area if I need to, and there is always help at hand from other quarters. Each year I try to borrow employees from within the business to work on selected audits. There is always a pool of willing volunteers for these secondments, although far more people seem to throw their names into the hat for projects in Hong Kong, Paris, New York and Washington than for those in Romford.
Another benefit of working in a small organisation such as the Economist Group is that there are fewer head-office specialists than you might find in larger organisations. Although we are fortunate to have highly talented and experienced head-office functional heads for areas such as legal, finance, IT, HR and business continuity, responsibility for other areas often falls to me in my unofficial role as general factotum. As a consequence, I develop and run initiatives such as fraud reporting and investigation – including the group’s response to the Bribery Act 2010 – and our programme of business risk management.
I find the latter particularly interesting, especially in the changing climate of the publishing world. Although I steer well clear of taking responsibility for actually managing any of the group’s risks, I find that my role in helping business heads to identify and spell out the risks and controls that shape their operations gives me a much clearer understanding of the way the group works.
It also helps me to put together an annual internal audit plan that’s tightly linked to the real risks that the businesses are facing. Current topics occupying our management team include the movement of advertising revenues away from print to digital formats; the rise of e-readers and tablet PCs; the commoditisation of business-to-business data; the rise of social media; and information security in its many forms.
In order for us all to stay abreast of, and respond to, the changes and challenges in our sectors and the internal audit profession, we need to share our knowledge and experience. For those, like me, who have no internal audit colleagues to bounce ideas off in their day-to-day work, this is even more important. The IIA and Audit & Risk are, therefore, valuable resources.
John Collier is head of audit and risk management at the Economist Group. He qualified as a chartered accountant with Deloitte Haskins and Sells (now PwC) and spent 15 years in the international drinks industry, including four as Allied Domecq’s head of group audit.