Imagine that one of your friends gave you a new shirt as a Holiday gift.
It is bright and colorful, and it was made by a top clothing company.
You know the company. It prides itself on the quality of the materials that go into its clothing line, its manufacturing processes (which have passed annual ISO quality exams), and the professionalism of its people.
It’s a quality product.
But is it what you need?
You may have a great process, conforming to global standards (whether from the IIA, ISACA, NIST, ISO, etc.), but does it consistently deliver what your customers need?
If it doesn’t, I would not call it a quality product.
Over and over again, board members complain that they are not getting the risk reports they need to ensure management is leading the organization effectively to achieve objectives.
Over and over again, executives complain that internal audit reports include mundane operational findings and other information that is not germane to the significant strategic challenges they are facing.
We waste their time instead of providing them with the easily-consumable information they need, when they need it.
When I joined Solectron Corporation as the vice president, Internal Audit, I asked the COO whether he believed that the internal audit function I was inheriting was doing a good job, and whether…
