I recently spoke at a conference where one of the sessions was called “Four Most Dangerous Words in Finance.” It reminded me of a blog I wrote a few years ago called “Ten Things Not to Say in an Audit Report.” In that blog I wrote about types of things not to say. Beyond the categories of phrases or messages that I explored in that blog, however, lie a handful of words that are so useless or polarizing that they should be banished from the internal audit dictionary. 

Words have power. A well-written audit report is a call to action. A poorly written report can result in inappropriate action, or no action at all. On the one hand, you don’t want to be too vague, but on the other you don’t want to be perceived as too opinionated or antagonistic. Little things can make a big difference in how our recommendations are received. 

I’ve always been an advocate of straight talk. I also have coached scores of internal auditors on the dangers of populating an internal audit report with adjectives and other subjective terminology that often incite management to vehemently disagree with our conclusions. Here are the five words I’d like to banish from the internal audit vocabulary.

Failed – as in “management failed to adequately assess and mitigate risks.” Simply stating the condition without assigning blame is much more likely to result in corrective action and preserve our relationship with management the next time we audit their area.

Inadequate – “Management designed and implemented inadequate internal controls.” Inadequate is one of those adjectives that can elicit a strong disagreement from management officials if the word is used to describe their actions. I prefer to describe the condition and contrast the observation with appropriate criteria without attaching the adjective to individuals. If I do use the word “inadequate,” I use it to describe the controls and not the actions of management.  

Ineffective – “Management actions were ineffective.” Ineffective is another adjective that should be used sparingly. The word will often elicit a defensive response on the part of management. Rather than encourage swift concurrence with the audit report and implementation of corrective actions, words such as “ineffective” will result in prolonged negotiations over the final wording of the report. The result can be a deterioration of relationships with management and additional exposure or losses accruing from the delays in implementing corrective measures. 

Found – “We found…” This is grandstanding. We find things because they are there. To say that we found something shifts the emphasis to us. Just as “failed” alienates and belittles, “found” carries a superior “gotcha” tone that draws attention to the auditor and not the problem at hand or the corrective action required.

Appears – “It appears that…” In internal audit, things are or they aren’t. Weasel words can make solid recommendations sound like hunches. It may feel safer to avoid specifics, but too many qualifiers suggest you can’t back up your facts. I’d put “seems” in this same category. A few commenters on my earlier blog took exception with my classification of “appears” as a weasel word. However, I stand by my contention that “appears” should be banished from our reports.

As is always true in my blog, these are my personal views, and should not be construed as views or guidance from The IIA. This is just a conversation starter. I know some people have an aversion to “should,” “would,” “could,” and other auxiliary verbs. You no doubt have words you’d like to add to these five, and you may take issue with the words I’ve chosen. This is an open discussion. What words would you banish?​