Anyone who has spent much time as an internal auditor has inevitably generated audit results that created friction or tension with those whose areas of responsibility were audited. Sometimes, even the most professionally executed internal audit with the most constructively written report can land with a huge thud. The results of our reports often are used as the basis for evaluating management performance. Unfavorable results have been known to cost executives a bonus, a promotion, or even their job. Adverse audits can damage relationships. Call it a “broken fence.”

It is practically impossible to avoid occasionally breaking fences in our line of work. It is a hazard of the trade, so to speak. But no internal auditor can function effectively if surrounded by broken fences. A successful internal auditor learns, over time, the fine art of fence repair.

How do you mend the broken fences? My first piece of advice is to work tirelessly to avoid breaking them in the first place. Anticipate potential consequences of audits and try and mitigate the damage before it happens. For example, discourage the use of internal audit report ratings or results for punitive purposes. As I have observed previously in this blog, also avoid the use of inflammatory words and phrases. Strive continuously to ensure the tone of the report does not foster lingering animosity on the part of management.

It goes without saying that you must make sure your report is valid. And if it points out that the officials who are responsible made mistakes, make sure it also accentuates the things that were done well. I always included a “management accomplishments” section in every audit report. If it was an audit report with particularly damaging audit findings, I usually put a little extra effort into calling out pertinent accomplishments.

Avoid assigning blame to individuals by name or title, but rather speak to systemic failures and control weaknesses, without pointing fingers.

That said, you’re going to run into the situation, if you’re in this business long enough, where fences break. No matter how congenial you might be as an internal auditor, if you are doing your job correctly, there will be an occasion where, in order to call it like it is, you are going to have to say something that will create hard feelings or damage relationships on the other side.

If a fence is broken, you should seriously consider a fence-mending mission. Here are five strategies I have used to mend damaged relationships as a result of an audit:

1. I engaged in a frank and open discussion with the offended party or parties. I asked them to share with me their candid feelings about the accuracy/fairness of the reports and what they believe internal audit could have done differently/better. These sessions can become contentious, so check your ego at the door.
2. I have used a customer satisfaction mechanism that solicits feedback from all audit clients. The ability to vent without a face-to-face confrontation can be therapeutic where someone has been offended.
3. I have admitted mistakes and owned up to opportunities for improvement on internal audit’s part, if mistakes were made.
4. I have tried to demonstrate genuine empathy when engaging with someone who felt wronged. If an internal audit report cost someone their bonus, I put myself in that person’s shoes when talking to him or her about our relationship going forward.
5. I have learned that mending fences can take time. If management feels that trust has been breached, or we have done them wrong, it will take time for them to recognize that our work is balanced and objective. So, be patient.

Why should we care if fences have been broken? Well, internal auditors have to “live where we eat.” What will tend to happen, once a fence is broken, is that the managers in that area won’t want you to audit them again. Every audit after that will start with a contentious relationship. Internal auditors cannot be effective in the long run if they are surrounded by broken fences.

Are you good at mending fences? Have I oversimplified a complex issue? What has worked for you? Share your best practices.​