Risk Management Induction Training to Business Teams

I had joined a new company and was taking the induction training. I thought it would be a good idea to get fellow participants perspective.So I asked a young employee – “How did you find the risk management induction training?” He responded – “Was that training? It sounded more like a rulebook of corporate prison.” The training had bored me to death and I shared his opinion. I wondered whether risk management team took feedback seriously or were purposely designing trainings to turn off new employees.

Normally in India, a trainer reads out from the presentation the various dos and don’ts of the organization’s code of conduct, regulations impacting the organization and technicalities of business ethics. To enhance interest further some provide detailed information of GRC organization chart. The training comes to a dramatic end when in the last few slides, the trainer delivers the key message to the participants – We will fire you if you do not follow all this.

The newcomers already have butterflies in their stomachs. To add to their woes, we present a dry subject in a dull and boring manner. Then we expect them to imbibe the messages in their daily working life. Let’s face it, we are facing competition from Lady Gaga.  Gen Y is more likely to remember the lyrics of her song, than risk management training. To get their attention we need to reframe risk management training. There is no rulebook that says trainings must be without any rammatazz and unimaginative to the core.

Yeah, that's a HR Management book

I contacted Peter Cook, an unconventional and creative business author, speaker and consultant, to get his views. He is reinventing the art of human resource management. His recent book Punk Rock People Management is a winner. He innovatively connects human resource fundamentals with music. Unbelievable but true, you have to read one of his books to find out how he does it. His perceptive views on induction enormously impressed me. Here is my favorite paragraph from the book:

“Post-punk princesses Madonna and Lady Gaga unwittingly stumbled upon the problem of induction with their songs ‘Like a Virgin’ and ‘Bad Romance’ as did punk group The Boys with their minor hit ‘It’s my first time’. However good your hiring of people is,  failing to induct people properly can cost you in thelong run. Classical HR induction sessions emphasize all the statutory stuff, such as health and safety and getting your corporate identity badge (whilst losing your identity). But they generally fail to establish what is called a ‘psychological contract’ between the new recruit and the company, which leads to long-term performance and commitment. The costs of NOT doing this include rapid turnover, poor performance, corporate sabotage and mental sabbaticals (the lights are on but no-one’s at home) etc.”

Peter makes an excellent point about psychological connection. Risk management trainings fail to positively influence the participants. The lines below highlight the ridiculousness of expecting participants to be gung ho about the training.

“Imagine what would happen if this approach were adopted when you fell in love. You would have a ARRSE (Adviser – Romance Risk Strategy Executive) come along to show you some PowerPoint slides on the risks of falling in love,issuing you with badges to say you are officially in love, and so on. So, why does common sense go out the window when we enter the crazy world of work?”

 This prompted me to pick up three most applicable points for risk management induction training from Peter’s book and I requested him to share his views on the same.

1.    Understand the audience

The one-size fits all doesn’t work for risk management training. For instance, in Indian ITES sector, new employees join right after school. To them, terms like audit, fraud, ethics are practically incomprehensible. Their head will spin if we give them a download on various laws and regulations in the first training session.

The same applies in other industries also.The choice is ours – to be either amused or appalled at their naiveté.  The story below depicts the level of understanding of a fresh recruit.

An experienced purchase manager working in food and beverages industry was offended with a new junior. The junior had accepted a gift from a supplier in their first meeting. The purchase manager called the junior to his room and asked in Hindi –“Do you understand ‘AAchar’ (ethics)?“ The junior replied in English– “Of course sir, it means pickles (Achar).”

This is the risk managers’ starting point for training. Therefore, prepare a training calendar with various sessions over 6 months to bring them up to speed. Peter mentioned that there are 57 ways to train besides classroom training – workshops, e-learning, mentoring, storytelling,  etc. Identify the staff learning styles and develop the training accordingly.

2.    Make training fun

I know it is tempting to give a few thousand pages to read to the participants. That is what we, as risk managers had to do. But remember the training participants haven’t signed in for a risk management professional course. Don’t give them manuals in the name of e-learning. That’s only going to make them panic. Make it simple and fun. Peter succinctly put this point across in his book. He says create an environment where people are naturally engaged. For example, he wrote:

Pubs do NOT have mission statements that say:

 “We aim to encourage sociosexual networking and leverage mission critical knowledge, skills and wisdom through the use of addictive depressant substances in a relaxing lifestyle environment that encourages the suppression of societal norms of decency and so on”

If you read this statement while entering a pub, will you immediately fall in love with the pub or hesitate to enter? Same rule applies to induction training. Why not explain the statutory stuff without using the corporate and risk management jargon?

3.    Help participants succeed

The biggest obstacle in the successful implementation of risk management training, is the attitude of the risk managers. The managers sometimes focus more on the numbers covered so that they can tick off from their to-do list and report to compliance that training was conducted. The trainers are not accountable to make the business teams effectively manage risks.

Sometimes, when the classroom training is over the participants do not know whom to connect with if they have questions when they start working. In some e-learning courses the same problem is exists.

Peter gives some good advice here. He says – Make sure that new people understand on the first day exactly what they can do to succeed. Connect the new members with the people who can help them do their best”

Closing thoughts

Use induction training as a starting point to develop risk awareness and culture within the participants. Don’t make it a big ruse to cover numbers. If the training is good, the new employees will become unofficial ambassadors of risk management. By creating the right chemistry, risk managers will have long term allies in business teams. Make the start a memorable and happy one for the new employees, and they will keep coming back for more.

Leading Risk Management Function with Emotional Intelligence

Have you ever felt as a risk manager that business teams don’t want you around them? Behind your back business teams in three words describe you as “critical slimy burger”, in two words “painful preacher” and in one word “#@$&^@#$”. Your ideas and opinions are strongly opposed and good ones too sink due to death-by-association syndrome.

Sometimes, from top to bottom levels of the organization business executives stonewall risk managers’ efforts and the risk management team faces this antagonistic attitude.

Ascending the Maturity Curve - Economist Intelligence Unit

Even the Chief Risk Officer (CRO) and other risk managers fail to cut ice with senior management. A recent report “Ascending the Maturity Curve” published by Economist Intelligence Unit shows that just 28% of business executives consider CRO and other risk oversight members as usually helpful in achieving business objectives. The adjoining graph reflects that thought process of business executives about risk managers.

In light of this, it is clear that risk managers face a challenging and conflicting relationship with business executives. These issues make risk managers’ jobs notoriously frustrating and thankless. Hence, risk managers need a solution to be effective.

 I thought it might be a good idea to study why business teams react negatively and how to make then think positively about risk managers. I read Daniel Goleman’s book – The New Leaders, which covers ways to use emotional intelligence in leadership. It sheds light on disastrous leadership outcomes when leaders deal with teams without sufficient emotional intelligence. There are a number of lessons for risk managers to learn from the book and here are some of them.

Briefly, Goleman has described resonant and dissonant leadership styles. Resonant leaders attune to other people’s feelings and communicate emphatically to move their feelings in a positive direction. While dissonant leaders fail to recognize feelings of the people they are dealing with and create negative emotions – anger, frustration, fear – in them. He has defined six leadership styles, four are resonant and two are dissonant. In my view, risk managers reflect these leadership styles and a better understanding of it will help them in building relationships with business executives and within the team.

1.   Visionary style

According to Goleman, visionary leaders articulate the purpose that rings true for themselves, and attune to the values shared by the people they lead. This also initiates transparency by removing barriers and smokescreens within the organization. However, the downside is that visionary leaders sometimes sound pompous and overbearing.

In my view, when CROs and other risk management seniors adopt visionary leadership they facilitate business teams in seeing the bigger picture. The risk management functions are perceived negatively as they adopt a check box mentality and highlight small regulatory issues as major problems. They sometimes do not spend adequate time with business teams articulating how risk management will benefit them in achieving business objectives. Hence, business executives are resistant to suggestions, as they have limited idea on how their risk management ties up to the overall corporate mission, vision and strategy.

Here, the takeaway is that risk managers need to sell the bigger picture of risk management functions and trust the business teams to identify and mitigate risks. Understand the need of business teams to feel important that their work matters.

2.   Coaching style

Goleman states coaching style builds rapports and deep emotional relationships; however, most leaders tend to ignore it. It is a resonant style if done properly. When executed poorly coaching looks like micromanaging or excessively controlling. He further adds managers are inept at giving performance feedback that builds motivation and not fear and apathy. Hence, give coaching that makes the employee feel that it is in their best interest rather than feel manipulated and attacked.

According to me, this is the crux of the problem. Risk manager’s role – especially the compliance and governance – demands identifying weaknesses in business operations. Frequently, risk managers issue draft and final reports to senior management without really explaining the details to the middle and junior level executives. This causes anxiety and fear in business teams. 

Psychologically, mild anxiety results in attention and energy to the job, prolonged distress hampers work performance.  Secondly, chronic anger, anxiety and sense of futility cause emotional hijacking.  Considering this aspect, it isn’t surprising that in long-term audit or investigation assignments, the business teams are distressed. If risk managers do not provide periodic updates on their observations, the continuous anxiety results in negative reactions. Here regular coaching becomes essential.

Therefore, risk managers must attune themselves to the emotions created by their work and communications in the business teams.  Give feedback in a way that doesn’t diminish the value of work being done by the business team.  Not in a manner where the person feels that, s/he is the problem.

3.   Affiliative  style

In Goleman’s view, affiliative style represents collaborative competence in action. This style is good for relationship building as it promotes harmony and friendly interactions. It allows a person to be kind along with being candid. However, the negatives of this style are that it can drive down performance if constructive feedback is not given or if used in a disaster scenario, the person may appear clueless.    

 In my opinion, risk managers can use this style to build relationships with CEO, CXOs and Board. The risk managers are not getting a seat at the board level or do not have sufficient visibility with the CEO. Hence, a few organizations have a slip-shod approach to risk management.

The messages given by senior management on risk management build the risk culture within the organization. According to Goleman’s study – “Roughly 50% to 70% of how employees perceive their organization’s climate can be traced to the actions of one person: the leader”. Hence, CEO’s actions and sentiments towards risk management get reflected throughout the organization. Therefore, relationship building is critical at this level for risk managers. Become a friend of the CXOs.

4.    Democratic style

Daniel Goleman says that democratic style is generally the most successful resonant leadership style. Leaders discuss issues, listen to others, take feedback and then make a collective decision. The advantage is that there is limited backlash for harsh decisions as it builds trust, respect and commitment. The disadvantage is that over-reliance on this approach results in endless meetings without firm direction.

My outlook is that auditors and compliance officials cannot adopt a democratic style for conducting an assignment, as it will hamper independence.

Nonetheless, democratic style should be adopted for recommendations and improvements in business. For example, if process re-engineering or additional controls are being suggested, it is useful to listen to business teams and discuss the solutions to them. The business teams are closest to the problems. Hence, the style benefits when risk managers perform advisory or consulting assignments. It is also a useful tool to understand the business executives concerns and anxiety points. Let the business teams take decisions about risk management and ownership for the same.

5.   Pace-setting style

Goleman says that in modern times pacesetters are thought of as good leaders since the leadership style adds to the bottom-line in short-run. Pacesetters focus on performance and excellence. However, if the leader drives employees too hard the morale plummets. Pace setting only works when employees are self-motivated, highly competent and need little direction. Meeting high standards of excellence has a cost, as it is task focused and not people focused approach.

There are two key insights to be gathered from Goleman’s analysis. The first one is that if CEO and board are driven by quarterly results and showing good performance, in the long run the organization is likely to pay a huge price. Hence, CROs need to monitor this form of leadership and culture, and guide the senior management.

The second aspect is the CROs and other risk managers need to ensure that they themselves do not become aggressive pacesetters in their functions. Sometimes the targets on number of reports, project timings, and quality of work become so critical that CROs ignore other aspects. In these situations, the star techie gets promoted who may not have adequate leadership and people management skills. Hence, there is burnout in the risk management team and conflicts with business teams. This is a dissonant style of leadership hence use it with care.

6.    Command style

The command style though frequently used is the most dissonant style as per Goleman. It is a coercive style – do it because I say so – being the message that makes employees feel threatened and intimidated. It is least effective as an intimidating cold leader contaminates everyone’s mood and the quality of overall climate spirals down. Employees think of it as a reign of terror so stop bringing bad news as the bearer is killed. The upside is that in crisis this style is effective.

A risk manager may claim that their role is recommendatory in nature and they do not have line authority over business teams. Hence, this kind of situation would not result from their actions.

On the contrary, if risk managers start playing political games and use their negative findings to downgrade a business executive’s career, the same results will ensue. Hence, they definitely have responsibility to ensure that their actions do not intimidate business teams or make them feel threatened.

However, if they are doing a million dollar fraud investigation or detecting a data theft situation, this style will work. It will reduce panic in the business teams since someone is in command and is showing direction.

Closing thoughts

As I read the book, one message was clear – risk managers need a range of leadership styles to be effective.  Risk managers emotional intelligence determines their success and failure in building relationships with business executives.  In Goleman’s words –

“The triad of self-awareness, self-management and empathy all come together in the final emotional intelligence ability: relationship management. Managing relationships skillfully boils down to handling other people’s emotions.”

Here is a clue. Psychologically laughter is the easiest way to create positive emotions. So risk managers leave your serious-brow furrowed look and smile.

References

Book: The New Leaders – Transforming the art of leadership into a science of results – Author Daniel Goleman

Report: Ascending the maturity curve –Effective management of enterprise risk and compliance – A report from the Economist Intelligence Unit Sponsored by SAP

Images of a Chief Risk Officer

Indians are euphoric this April due to two major victories, one that is an Indian passion and the other is slowing making India hollow. Yes, I am talking about two most common words you are likely to hear this season – Cricket and Corruption. The elation of Indian cricket team winning the World Cut hadn’t died down when Anna Hazare launched his protest against the Lokpal Bill. Government bowed down to the public protest and both the wins made Indians proud.

The two events got me thinking. The Indian cricket team honored Sachin Tendulkar with the win. Each team-member said they wished to honor him for 20 years of dedicated commitment to Indian cricket. Sachin’s attributes are that he has domain knowledge of the game, an expertise few players have, he mentors and supports junior players, team depends on him for taking them out of tough spots and he is dependable and reliable. He doesn’t have a formal leadership role. He gave up captaincy when he realized he is not suited for it.  Clearly a man who knows his strengths and limits!

If you see Anna Hazare, he is a 72-year-old man who enjoys the reputation of impeccable integrity. The government listened to his demands as he commands a moral authority, which few leaders enjoy. It is not that everyone can go on a fast-unto-death and expect the government to agree to modify a proposed law. People supported him because he led from the front; he has sacrificed his life for the community without any interest in power or money. Again, he has no formal authority as he is not an elected member of parliament nor does he hold any position. People respect him for his moral courage and commitment.

Now look at the qualities of these two men- Sachin Tendulkar and Anna Hazare. Aren’t these what a Chief Risk Officer (CRO) of an organization should be having? Risk managers generally complain that they have limited access to board and CEO and business team do not listen to their advice. Hence, they are struggling to be heard by senior management and business teams. However, if you think deeply does it not appear that senior management and business managers are not relying on risk managers because they might be reflecting incorrect attributes?

In my view, a CRO provides value to the board and CEO at strategy and policy level. The CRO is not the captain of the ship, but should be able to guide senior management in understanding the risks and address them. For business managers a CRO needs to mentor them in running business operations with minimum risks. To do so, CRO needs to have a combined reputation of Tendulkar and Hazare. S/He  needs to have a reputation of impeccable integrity, domain knowledge and expertise, trustworthiness and reliability , a team player and with an ability to sacrifice personal agendas for greater good of business. If s/he has this reputation, probability is that both senior management and business managers will be more forthcoming in involving him/her to understand and mitigate risks.

Images & Shadows

This prompts me into thinking the second aspect of the problem. What are the images CRO have in the organization and how are these benefitting or negating them?

1.       Nitpicker  to Troublemaker

 Most CROs complain that they are unable to get into CEO’s cartel. The challenges they face are that on one hand CEOs and board think that CROs are nitpickers who can’t provide much value add at strategic and business level. On the other hand, the CROs who do manage to attend CEO and board meetings may face significant resistance to their views.  I had covered this aspect in the article “Independence of Internal Auditors – An Oxymoron”.  As per KPMG Audit Committee report of 2010, 73% of Chief Audit Executives’ jobs are at risk if they hold a contrary view than the board. The attitude of the management is  that ”we don’t need someone on our board who doesn’t appreciate our views.” In such a situation the CRO has a choice between the devil and the deep blue sea.

Auditing and advising are two sides of the same coin and CROs needed to fulfill both of them diligently to ensure organization risks are managed effectively. CROs can learn from Hazare and Tendulkar on how to lead senior management without holding formal authority. They need to develop a reputation of a “guy who can be counted on to give the right advice and support.” To do so they need to work towards changing the image of bean counters and focus on developing strategic perspectives at macro level.

2.       Busybody to Watchdog

The employees of the organization sometimes view GRC staff as tale tattlers. According to the negative perceptions of business employees, the sole purpose of risk managers is to report to the management everything nasty to satisfy personal agendas and play political games. Generally, the image is formed when CRO is perceived as using audit and other risk management reports to gain political power and  uses them negatively. With an image of Dr. Jackal and Dr. Hyde, there is significant trust deficit at all levels of the organization. The downside is that business teams instead of developing risk aversion, develop an aversion to risk managers. Here, the CRO fails to establish a reputation as a genuine business advisor willing to hand hold business teams to improve risk management.

 CROs need to take a leaf out of Anna Hazare’s life. Anna Hazare gathered political support and led from the front in the Lokpal Bill protest. He garnered support as public understood that he was sacrificing himself for the greater good of the community. He showed he had the moral authority to lead others and protest against corruption on their behalf. The CROs should aspire to have a similar reputation where management and employees trust him/her to work for the benefit of the organization and be above petty politics.

3.           Scholarly to Acerbic

Frequently business managers view a CRO as “S/he is theoretical, is woefully obtuse about the practical aspects of business.” Or worse, “S/he thinks the job is to criticize, is always thumbing his/her nose at business managers.” The problem results as CROs and their teams are unable to cut ice with senior management and business teams when their reputations are that they are paper pushers, paid critics, think others as lesser mortals or are amusingly ridiculous in their ideas. S/he is never on the guest list of the business managers meetings. Here, the CROs fail in establishing their expertise and domain knowledge; hence lack credibility.

Taking a lesson from Sachin’s case, would he enjoy team respect and fan following if he lacked domain knowledge and expertise.  He has earned respect with his humble attitude and willingness to share his knowledge with teammates. The CRO needs to make their internal brand one of an enabler rather than a critic. The risk management technical expertise can be successful only if applied in addressing business challenges. Hence, a balance needs to be maintained between risk management and business issues. The willingness to train and mentor business managers on risk management aspects will go a long way.

In nutshell, risk managers should focus on their internal branding within the organization. We may rely on facts but perceptions matter. If senior management and business managers develop negative perceptions of the CRO, the organization and risk management teams suffer. People generally do not listen to people whom they do not respect and trust. Hence, CROs first task should be to develop a reputation of impeccable integrity, and being a good mentor and a domain expert.  

Welcome your opinion.

Optimism Leads to Delusions?

Since birth, the mantra taught to us about life is optimists do better in life as they think positive, are surrounded with positive people and generate positive energy. The example of the glass filled with some water typifies our thinking. Here are three examples of the statements people make and the general opinion formed by the public regarding the statements.

First person

Statement: The glass is half full.

Opinion: Give the guy an immediate pat on the back for being an optimist.

Second person

Statement: The glass is half empty.

Opinion: Well the guy is a pessimist and has negative thinking.

 Third person

Statement: The glass is half full and half empty.

Opinion: This person is really picky, majorly into specifics.

Most of the successful people are optimists. Optimism gives them self confidence, a belief in their capability to execute a plan and a capacity to vibe well with people.

It is difficult to imagine a pessimist succeeding with life when he/she is always viewing the picture for the shortcomings.

Optimists on the other hand succeed while viewing the positives of the situation. The problem is that more successful an optimist is the likelihood of seeing the negative side decreases. The person starts believing that he/she is succeeding because the negatives of their personality are not really negative. For example, let us say that an optimist boss has a short temper and takes it out on his/her staff. You might hear the boss saying that it is a good trait as the staff is more careful about work.

The optimist doesn’t realize that he/she is succeeding despite the negatives. Hence, they do not focus on working on removing the negatives as they don’t believe they have them. This results in a number of blind spots. They look at it sometimes, when a major disaster occurs. Normally, because of their belief in themselves, they manage to hold the other party responsible for their own shortcomings.

You might be able to observe this, when you see an optimist friend who has married a number of times. The ex-spouse was always the problem. Their belief in institution of marriage doesn’t reduce with time.  Neither do they think that they might be making wrong partner choices or having some romantic notions or impractical ideas of marriage. The option that they themselves may not be ideal spouse material is not going to strike them.

Optimism can lead to delusions which can be fatal for a successful life. You might still be thinking, is it possible. Watch the video “Problem of Coaching Successful People” of Marshall Goldsmith. He is the author of the book- “What Got You Here Won’t Get You There” and is an executive coach. In this short video he has described the four problems of getting successful people to change their behavior.

Mantra for the day is: Obtain feedback, understand your blind spots and work on removing them. Use your optimism to become better rather than blind.

Have a nice week.

Auditor – A Listener!

I was watching the video on Tom Peter’s site (http://www.tompeters.com/books/little-big-thing/) regarding strategic listening. He mentioned that doctors interrupt the patient’s description of his/her problems within 18 seconds. Just 18 seconds, before a doctor starts formulating an opinion on the diagnosis. It got me thinking, the word auditor has two meanings specified in Oxford dictionary 1) a person authorized to perform an audit and 2) a person who hears; a listener. As auditors, are we listening?

I would say as auditors we are party to the crime of not listening properly and strategically. How much time do we spend in understanding the business strategy and objectives, mission and vision of the business owner/ department which we are auditing? How many of us conduct an informational interview with the teams to understand their business operations and the risks which are perceived by them? Taking a rather negative viewpoint, although would say depicting the real scenario, auditors have an introductory meeting with the business  team and tweak their pre-developed audit program somewhat. An audit is conducted according to  a standard program and checklist, and a report issued accordingly, sometimes the previous one modified apprpriately. I think we should hold ourselves accountable to Albert Guinon’s quote “There are people who, instead of listening to what is being said to them, are already listening to what they are going to say themselves.” Then as auditors, we are surprised that our recommendations are not implemented and the business teams are complaining that the audit has provided no value add.

I searched for data on time spent by auditors on various activities and the percentage of those spent on listening but could not find any. A report on MetricStream (http://www.metricstream.com/) states that 40% of the audit time is spent on documenting work papers and writing reports. The rule of thumb is that 60-70% audit time is spent on execution.   To exemplify my point, I am taking one audit staff’s time distribution for conducting an assignment for a 10 man day period. The ball park figures are depicted in the chart below. Here, of course the assumption is that the meeting time was used to effectively listen. My guess estimate is that if we take 50% of the time as effective listening it would be more realistic. To conclude, on an average one audit staff spends 5% of time listening to the business team. Does this percentage surprise you?

 

 

The nitpicking can be done regarding the figures, however the point remains that auditors are not spending significant time listening to the business owners. To further illustrate the point, the top three aspects which we need to understand from the business owner before even preparing an audit program, are:

1.       Business Strategy, Mission and Vision

What is the business strategy, mission and vision of the organization and the department and how do you plan to achieve it? Was it the same previous year or has it changed, and if so, what are the changes? Do you believe this is the right strategy to adopt or are you planning on changing it?

2.       Organization Culture

Is the organization culture constructive, aggressive, passive or destructive? What emphasis is placed on building an ethical organization culture? What are the un-discussable issues in the organization? Are there any incidents of work place aggression and how have these been dealt with? Is the leadership open to ideas, concepts and discussions with the juniors?

3.       Balance Score Card and Key Performance Indicators

What is your job, how do you perform it, what are the problems you face, what are the risks you perceive and how does your performance get measured?

The question is how much time do we spend on understanding the basic business operations and environment before commencing an audit? The answers to the above questions will facilitate an auditor in understanding the key concerns of the business, the level and focus on implementation of risk management and corporate governance

It is imperative for auditors to understand the business at macro level before focusing on the micro level. Conducting an audit of transactions does not yield the desired results of giving a comprehensive view of business risks and risk mitigation plans, policies and controls. It is the people who are driving the controls environment, so without dealing with them how can we actually create effective risk management culture. So what is the inhibiting factor for auditors for asking the right questions and listening to the right answers. Is it that they fear developing an image of nosey parker or the other extreme, ask no questions and hear no lies?

For effective listening, an auditor needs good communication skills, be attentive and create an environment of trust. In the words of Lee Iacocca, former CEO Chrysler Corporation “I only wish I could find an institute that teaches people how to listen. Business people need to listen at least as much as they need to talk. Too many people fail to realize that real communication goes in both directions.”

Some of my colleagues would say I am being critical. My defense is that as auditors we spend a whole lot of time reporting deficiences in business operations and stating that business owners do not listen to us.  Can auditors be understood when they fail to understand? Should auditors be spending more time listening to the business owners? Should the audit methodologies be changed to incorporate a higher percentage of time spent in discussions?

Welcome your comments on it.