Have a Question fo Us ?

Call: 1-636-487-1076


Come see what we are talking about and share your thoughts and ideas. Join us here on on LinkedIn

April 17, 2020


There is probably no word in history that is both desired and feared as much as CHANGE. True to human nature we typically want others to change while our lives stay the same. Yet change has and will continue to impact us. Fortunately, our modern world has already made change less of a bloody revolution and more of a science. Since the 1960’s we have been drawing connections between human grief and surviving organizational change. This has created significant progress on the communications, decision methods and training that must happen to successfully navigate A significant change. However, the pace of needed change has only accelerated. In 2020 and beyond will not have the luxury of planning for one change event at a time. so how can we plan for perpetual change? I believe an organization can create healthy perpetual change management, but it requires new skills and new ways of seeing the organization, its leaders and its assurance provider.

Starting with Assurance (Internal Audit, Risk Management, etc.)

Over the last 5 years, I have had the luxury of playing a thought leader role in the profession of Internal Audit. From 2017-9, I helped design and write a significant book, and tour the world presenting it. I have looked specifically at helping internal auditors change in ways that add more value to their organizations. The change the profession of internal audit has gone through is rich with experiences, data and ideas on what an organization must have to be resilient in the winds of change.

Historically internal auditors have been responsible for taking a set of standards (Policy, Financial Reporting, Regulatory) and auditing against them. I refer to this as validation auditing. A portion of the profession (less exposed to change) still only audits this way. However, the speed of change has left organizations and industries without adequate time to develop meaningful and current standards. So starting in the late 1980’s many Audit Committees began focusing internal audit on helping management better achieve their desired goals and objectives, rather than acting like an inspector. This effort to add more value has been difficult for the profession of internal audit. It is easy to compare reality against a standard, but it is an entirely different thing to participate in comparing reality to its likelihood of contributing or organizational success. However, the 3 decade long effort has yielded some very interesting ideas on what actually contributes to success. Ideas that have dug down into the ways and methods that have created standards.

The Fundamentals

As internal auditors have looked for the components of organizational success, they have investigated many governance and management methods and ideas, and I believe we have gotten better at peeling back the layers of the onion. As we have stripped down many leading practices to their core, the core is always the same. An idea with the potential of value. It does not matter if you are a government entity, a business or a mission, it is always the same. So, what does this tell us?

It tells us it is important to understand the assumptions behind the idea and the methods applied to the idea to create value. This introduces our first two useful tools: Understanding the Paradigm and Defining the Current Standards.

A paradigm is a way or set of assumptions that influence an individual or group’s interpreted reality. It exists before every decision is made within an organization. It exists before the core of the onion or the idea with a potential of value. So, having a way to critically define and evaluate the existing paradigm is an important perpetual change tool. A standard is a principle that if followed promises to delivers an ideal. Standards follow decisions as they are implemented and formalized. Standards are made up of directions, guidance, models, measures, methods, policies, procedures and tasks. Having a way to evaluate the standards ability to influence and produce the desired value is the second important perpetual change tool.

Roles and Responsibilities

As the profession of internal audit has changed its role, in an effort to add more value, it has had to campaign and clarify the differences between internal audit, and other functions that manage specific risks for the organization. This has illustrated a need to clearly define and communicate roles and responsibilities. Nothing is more likely to create failure than disorder, redundant waste or gaps in oversight.

This is also true for Boards and Management. As business systems and marketplaces grow in complexity the role of the Board and Executive Management must continue to narrow. In the past good Executives have work many hats; Innovator, Leader, Inspirational Communicator, Operations Developer/Manager and Public Affairs to name a few. However the knowledge needed to be perpetually aware of industry position, stakeholder interest, operational capability, and strategic landscape can no longer live within one human brain. Likewise at the Board level, the historical belief the a few human beings will be able to know when to blow the whistle on risk, fire the CEO or respond to opportunities is become more and more unlikely

Formal, clear, and narrow roles for the Board and Executive Management give them a greater opportunity to use their best skills and leverage more expertise within their organization. A leader supported by systems that elevate subject matter experts to support these narrow roles, are likely to be the hallmark of perpetually changing organizations.

Protocol for the 20%

Finally, as our Internal Audit profession has sought to find new approaches to adding assurance value we have focused on our core areas of Governance, Risk Management and Internal Control. The effort has uncovered a few realities. First there are thousands of consultants out there and each has a mostly packaged product they are selling, which may or may not fit your organizations needs. They could be compared to a fruit counter at the grocery story. They all fit similar categories but can be very custom and different. So knowing when to and when not to use consultant is important. Creating a solid understanding of the organization and its current needs can help.

Second, a few things will always be true for every organization and when understood can better clarify both priorities and how an organization should use outside experts. I call these protocols, or things that can easily be supported by policies, procedures and tools. It would be safe to assume that at least 20% of everything done in a day would likely fit as a protocol. When stripping many leading practices down to their fundamentals some simple protocols evolve. I categorize these as Good Governance, Good Management and Internal Controls.

  • Good Governance, protects the organizations reputation, directs leadership through policy and enables them with resources required
  • Good Management, writes down objectives, has measures of success, has reporting to deliver measure progress; aligns people with skill, efficient process and enabling technology; and empowers individuals within their organization
  • Internal Control, represents formal methods to manage external risks, growth of internal capabilities and future risk taking opportunities


I believe we can apply some lessons from the changing internal audit profession to help Boards and Management create skills and structures needed to manage perpetual change. Tomorrows organization need perpetual change capabilities. To get there they must have tools to perpetually illustrate their existing realities, paradigms and standards. They must leverage their human capital, narrowing the traditional hierarchical role of Boards and Executives to the things they do best – supported by their subject experts. Finally they must build formality in the right place, leveraging assurance perspectives and leading practices to set minimum expectations or protocols for Good Governance, Good Management and Internal Control

Comment Here:

Your email address will not be published. Required fields are marked *