As I said in my last post, I recently had the privilege of hanging out with a bunch of smart people: internal auditors.
They work for an organization with manufacturing facilities all over the world, each of which is subject to strict safety regulations. Compliance with those regulations is a major part of the internal audit plan, as it should be.
It did not surprise me to hear that the corporate offices had established similarly strict policies and standards designed to ensure compliance with the regulations.
However, these facilities produced a variety of products and were subject to different local laws and regulations.
But the corporate office valued consistency and every location was required to follow the same company standards.
What I heard was that sometimes a manufacturing plant would believe that a corporate standard was not the right practice for their specific business, in their locality.
Internal audit was expected to identify when a plant didn’t adhere to the corporate standards.
My view, which I shared with them, was that internal audit should follow a different standard: the standard of promoting what is best for the business.
That is not to say that we should not identify deviations from corporate policy, but we should not immediately call it a “finding”.
First, find out why management…
