Tom Degol
Tom Degol Competence Lead specialized in Information Security Management, Risk Management and Compliance. Implementing or checking the rules of the 'Cybersecurity Compliance Game' in order to enhance a company's level of resilience. Always motivated, enthousiastic and eager to accept new challenges. Crossfit athlete; globe-trotter and 'social people pleaser' outside business hours.

The perception of audit

The perception of audit

Audits are not there to tell people they are doing a bad job. Audits are not there to blame people.

Being audited as an auditee, performing audits as an auditor, involved as a management party in an audit, … All parties have a different opinion and perception about the concept ‘audit’.

First of all, ‘audit’ is a means of evaluating the effectiveness of a company’s internal controls, processes and systems. It is often a mandatory review process in most industries and will take place on a regular basis, no matter what business you are operating in. And no matter if you like it or hate it. And here we are indeed finger-pointing the main issue: a majority of the employees do not like to be audited. Why? We assume this is because they potentially don’t know why they are audited and therefore they can’t see the added value for them.

Audits exist to ensure compliance towards the requirements of a particular standard or legislation. Its purpose is to track and improve the compliance level of your company. It is important to explain the role of audits for the greater good of the organization and to explain your employees that this is meant to show how the company can enhance their environment.

There is also a difference in perception between being audited by an ‘internal audit team’ or by an ‘external auditor’. Members from the internal audit team are employed by the same company as the auditees are. They will check the effectiveness of both internally developed processes and procedure, but also check the level of compliance against internationally recognized standards. The danger exists that employees might see them as “the head office spies” and may feel their job is at risk in case the audit results in some shortcomings.

Next to the internal audit team, you have the external auditor, or often so called the “third party audits”. Those audits are performed by an independent objective party and can provide transparency and confidence to interested parties that your business is truly operating an effective and compliant management system. Often these external parties are accredited to perform certification audits as well. During external audits, both employees and management might experience the feeling their (re)certification is at risk.”. But nothing is less true: external auditors want to prove why you actually should achieve your certification instead of taking it away.

But how can the perception of audit be improved?

The perception of auditing can be improved by getting adequate management commitment and leadership. Management of the auditee side should inform their employees about the audit in a timely manner and explain them why the audit will take place, what the goal(s) are, etc. This will alleviate many of employees’ concerns.

Additionally, management can also improve the audit perception by demonstrating commitment and leadership in resolving audit findings after the audit has took place. This will proof the fact that the audit does not end with just a piece of paper, the final report, but that the process will continue afterwards as well by resolving the audit findings.

And third, by hiring qualified and professional auditors, the overall experience of the audit will improve as well. Auditors being trained to be an auditor by following trainings, obtaining certificates and having experience will know better how to complete an audit successfully and how to deal with the auditees in a professional way.

Of course, if you need a helping hand, we can perform an audit for you in a professional and smooth way, with respect for your employees and environment! :)