I have heard that in one form or another over my career.
The first came when I was an internal audit manager for a financial institution. The senior vice president for Human Resources said she was a big supporter of internal audit, but my team and I couldn’t audit her area.
I asked why and she explained that since none of us had any experience working in HR, we didn’t have the competence (my word) to perform an audit of HR.
I was able to get her to give us a chance. We might not be experts in running HR, but we were experts in processes, risks, and controls. When I asked where she had a problem, she pointed me to one that had been troubling her for months. I had one of my team (who had recently completed a class in operational auditing) perform the audit. He soon identified the process problem to her great surprise. She was so impressed she wrote both of us a letter of commendation and took me to lunch, letting me drive her Cadillac!
Years later, when I was leading the internal audit at Tosco, one of the IT managers told me I couldn’t audit their very old financial system. It was too complicated. I had fun with that, as I was able to read the COBOL code and identify a number of their coding errors. Internal auditors can easily be underestimated.
A more serious situation arose when Tosco started trading…
