Years as a staff / senior: 4
Years as a Manager / Senior Manager: 6
Years as a Leader: 12
Years as a CAE: 1
Professional Certifications: CIA, CFE, Change Management Designation

For Chief Auditors, while you should definitely use your risk management experience, you need to think about it differently. In an audit universe, you might have hundreds or even thousands of items, depending on your taxonomy—whether at the process level, regional level, or otherwise. But at the enterprise level, you're talking about a much smaller number.

A CAE should consider governance at their organization, too. Risk is managed across the organization every day and ERM brings a structure to it which hopefully creates, drives, and preserves value. You need a governance structure. That can be a formalized risk committee, it can be a risk liaison network, or something else that works for your company.

The word "auditor" comes from "audio"—meaning to hear or listen. That's exactly what we do as auditors: we listen. I think we sometimes forget this, but asking clarifying questions and listening to those answers is the best way to achieve our goals. Don’t make assumptions about what people say. It’s great to get in the habit of saying “Can you tell me more about that?” or “What does that mean?” or “I am not familiar with that part of the business, can you expand upon that topic for me?” We often forget how crucial seeking to understand is—it's something everyone should do more of.
