Published: 5 Aug 2022

Riccardo Bianconi, Lead Auditor and Accredia Assessor, Coach and Trainer, outlines the importance of listening during the audit process, and makes the case for creating an audit tool through which the board of an organisation, as well as process managers, can demonstrate accountability.  

Auditing creates value by uncovering discrepancies among operative controls, product and services specification, legal or contractual obligations and the way they are known, embedded and applied. Auditing is also a really good way of keeping operative levels and top management in touch, as it can allow relevant and significant information to bypass the many filters that often exist between them, sometimes obtaining also extra budget and support, where it is really needed.  

When auditors find out such information, such ‘evidences’ of misalignment or ineffectiveness of processes, products or services, the problem becomes how organisations can obtain the right behavioural ‘answer’ to these issues, namely the commitment and accountability that are the basis of success.  

How an audit should be performed so it is effective and obtain by organisation mature answers is the critical issue. When an audit process is designed, one of the most important steps is to set objectives and to make sure audit teams have the competences to perform the whole process. 

Listening, not hearing 

First, let’s focus on competences. Audit programme managers look for auditors with knowledge on processes, management techniques, technologies, risks and controls. These are considered the leading issues. This very approach can lead to the biggest mistake of all when it comes to designing an audit. Technical and managing competences are necessary, but they are not the only ones. 

So what exactly is auditing? The Latin word ‘audire’, from which audit derives, means ‘to listen’. So auditing is a process where the auditor has to master the most important tool of all communication techniques – listening. 

There’s a difference between the verbs ‘to hear’ and ‘to listen’. The first means that someone has an acoustic perception, be it words, noises or music. Only when words make sense does this evolve into listening.


What does listening mean? There’s a difference between the verbs ‘to hear’ and ‘to listen’. The first means that someone has an acoustic perception, be it some words, noises or music. Only when sounds or words make pleasure or sense does this evolve into listening. 

 
Listening assumes that a person is ‘tuned in’ or has a rapport with others. An auditor should be in touch with the mind of the auditee and take into account their possible inner reaction to communication during the presentation of the audit report. 
 
The above belongs in the ‘non-technical skills’ domain. Rarely is this competence properly considered during auditor training, selection and qualification. Rarely during courses are these competence building blocks taught by communication professionals, such as Neuro Linguistic Programming (NLP) trainers. Rarely is enough time allocated to this competence. Once outside the classroom, such learning is quickly forgotten. 

Perceptions 

A second – and equally important – issue is the perception that we all have about other people making judgements about us. 

This is the very real problem linked to communication skills. For an auditee, what is a non-conformity statement if not a verdict of his/her inadequacy? 

Often in organisations, we observe process owners fighting or bargaining to obtain a softer classification of findings. That’s the reason the soft-grading problem exists – the unfair classification of audit findings by the auditor, due to the need to meet a favour requested by auditee. For the auditee, often it’s a question of self-confidence, but also it is a question of justifying him/herself with the board. It may mean losing bonuses and/or the prize of being recognised as a good professional at work. 

It’s a fact that, on many occasions, auditees suffer during the auditing process because of the way findings are communicated. This situation leads to an angry reaction and bad systemic answers, where a bad mood and the wrong mindset leads to poor auditee organisation behaviour. 
 
Are the auditors so bad? Not at all. The problem is the procedure undertaken to close an audit. The perception of non-conformity wording is sometimes enough to make the auditing process be perceived as a torture. 

So, what needs to change? 
 
The answer is to change the approach to this closing meeting, turning the ‘torture’ into an occasion for growing the accountability and professionality of both auditor and auditee. 
 

Uncovering critical situations 

Auditing will find and help to sort out critical situations. There are four kinds of these situations to take in account:  

  • violations of criminal laws;  
  • situations that unduly expose people or other assets to immediate safety or security risks;  
  • violation of civilian laws, that are not immediately critical for any person or asset; 
  • unknown, or not duly controlled risks, that are able to create losses in business (reputation and trustworthiness; people engagement; loss of value in asset or product or services; loss of competitivity).  

The first two should bring about an immediate action of containment, when discovered. In such high-risk cases, the vital thing is not just a matter of wording or perception, but the need to stop such situations. Once the situation has been contained, it can be managed as any other situation would be.  

The second two kinds of auditing output (and the first two, once contained), which we can consider as the most frequently occurring, are those where it is necessary to adopt a more ‘smart’ form of communication. 
 
What is the effect of this ‘smart’ approach? The answer is that it improves the accountability of the board and managers, leading to a good mindset that in turn influences real improvement in every organisational field.  

Accountability improvement

How can we contribute to this accountability improvement? One method is by introducing a new end phase to an audit.  
 
During that phase, it should be required that, rather than classifying findings, a simple description of each is given, supported by the evidence needed to understand the same in the better way. The board, top managers and process owners should then be asked to analyse the situation, deepen the investigation, decide what kind of risk is really linked to the situations depicted in the audit report and, eventually, give the classification (grading) of that situation. The good auditing work will have already been done. Now the floor will be open to the organisation in order to give the most accountable answer and to audit programme manager, with the help of the lead auditor, to evaluate these answers. 

A good risk analysis, supported by a deep investigation, will lead to the decision to perform a root-cause analysis, or a taking into account of some facts that can produce a corrective action in the first instance, and an eventual turnaround of the situation.  
 
Any decision not to follow this pattern must be clearly justified, and the answer given by the organisation will be a pivotal point in growing accountability. With this method, no-one will be hurt by words or judgements. The owners of the problem areas will be in charge of demonstrating their capability to analyse the situation and solve the issue in the proper way. This will lead to a real maturity of the management system; more and more, it will be clear that accountability lies with the board, as well as managers and process owners, giving them the final responsibility on the quality of output of their organisation. 
Should this not be obtained, any non-conformity will reflect on the management system as a whole, and not a single point of failure.  

Where is the ‘devil’ in this approach? 


The answer is that, for audit teams, there will be a need to record evidence of critical situations that are of real value to the organisation and to give the rationale and evidence to support their concerns. Not to judge will require great competence for auditors. 
 
For an organisation, the hardest aspect will be to clearly demonstrate its technical and managerial knowhow. These will be the elements that are really evaluated  – not initial findings, but the ability to answer in a systemic, comprehensive and accountable way.