Communication—The Missing Piece - ISACA


Feature Danny M. Goldberg, CISA, CGEIT, CCSA, CIA, CPA, is

Communication—The Missing Piece

the professional development practice director at Sunera, an international corporate governance, risk management and regulatory compliance firm. Prior to joining Sunera in January 2011, he founded SOFT GRC, an advisory services and professional development firm. Goldberg has more than 13 years of audit experience in the Dallas and Fort Worth, Texas, USA, area, including five as a chief audit executive/ audit director at two diverse companies. He has the rare experience of leading or being an integral part of year-one US Sarbanes-Oxley Act compliance efforts at three companies. Additionally, he has assisted in leading the establishment of three internal audit/Sarbanes-Oxley departments.

Do you have something to say about this article? Visit the Journal pages of the ISACA web site (www.isaca. org/journal), find the article, and choose the Comments tab to share your thoughts. Go directly to the article:

©2012 ISACA. All rights reserved.

Career progression in any field is dependent on many factors, including skill and experience and, often, being in the right place at the right time. In the audit and risk management profession, there are many high-quality people vying for the same roles. Additionally, the progression of many managers up the proverbial audit ladder is stymied due to one significant distinguishing factor: communication skills. In the IT audit world, some security and IT auditors tend to use fear, uncertainty and doubt as methods of enforcement. When speaking to nontechnically oriented team members, it is easy to generate fear, which may inadvertently lead to rumors that can damage the credibility of the auditors and/or the audit departments. Such negative methods by auditors will not contribute to success in building long-term relationships with auditees. For auditors, the focus is on oral and written communication. To be successful, auditors must establish face-to-face relationships with auditees and develop a level of trust. Furthermore, complete and accurate work papers in addition to compelling audit reports are important throughout the audit process. Auditing skills and ability are extremely important; however, without a high level of communication, all ability is for naught. It has been said that interpersonal skills are more important than auditing skills in this profession.1 Internal audit is comparable to the sales group inside an organization, in that audit must constantly sell its value and role. The need for auditors to constantly sell their value highlights the importance of refined communication skills. Some best practices and key areas of communication include: • The 7 C’s of communication • Professionalism • Miscommunication • Mode of communication • Conflict management • Active listening

The 7 C’s of Communication Communication, via emails, meetings, phone conversations and instant messaging, for example, is the foundation of all business. The 7 C’s of communication provide a checklist for making sure that all forms of communication, including meetings, emails, conference calls, reports and presentations, are well constructed and clear. The 7 C’s of communication are:2 1. Clarity/coherence—This may seem obvious, but clear and coherent communication is not as easy as it seems. Communication should be focused—with no question about the intention or the objective. Irrelevance should be eliminated, and logic must be embraced. 2. Concise—Many people are familiar with people who like to use long words and sentences to project intelligence, often producing the opposite effect. The elimination of space killers and a focus on useful words is key. Concise communication keeps audiences engaged and interested. 3. Complete/correct—Communication is a fine art; it is important to paint a complete picture so that all facts and circumstances are understood. Communication should be accurate and honest. It is okay for people to admit that they do not know something—admit it, attempt to find the answer and move forward. 4. Captivating—Communication must be interesting and engaging at all times. Comprehension and listening significantly decrease if people do not see how they are personally involved in the communication. Compelling language that encourages action should be utlized. This commands more attention and better responses. 5. Conversational—An adult’s comprehension tends to decrease significantly (during training) when a speaker talks to the audience rather than with the audience. People must be engaged and feel comfortable enough to speak their mind. It is important to personalize each experience and make each individual connect.



6. Courteous—Communications are most effective when they are two-way, not one-way. Communication should be professional, but friendly and approachable. 7. Concrete—One should communicate with specifics and certainty, eliminating as much ambiguity as possible and keeping communications direct and to the point. Professionalism One of the major issues with interoffice communication is the separation of personal and professional points of view. Emotion tends to weigh down healthy and straightforward communication and the comprehension of what is being communicated. Communication should be kept at a professional level; personal feelings should not affect communication. It is important to remember that communication should not be taken personally in the workplace. In certain instances, auditees may take audit findings or recommendations personally. For auditors, communication must be kept on a professional level and emotion must be eliminated as much as possible. The auditor should remain focused on the issue and the root of the problem.

• Discuss and collaborate in the Knowledge Center. • Attend the Communications Workshop, held at various ISACA conferences in 2012.

in-person communication skills. There are many different modes of communication, but nothing can replace face-to-face conversation. Emotions and sarcasm are difficult to interpret via email and on smartphones. All employees should be guarded when communicating via smartphone. Technology has enhanced the speed of communication, but it has also decreased the effectiveness of communication. Generation Z relies heavily on text messaging and emails, but many conversations are better conducted in person or over the phone. Email and texting are sometimes used as modes to avoid in-person conversations. Communications that involve back-andMiscommunication forth conversation should be done in person rather than via Miscommunication is the number-one cause of unnecessary email. Many employees, especially in younger generations, conflict. Assumptions can take on a world of their own. tend to use the wrong form of communication. Email is People who assume let the assumption take over the overused, and not all conversations are effective via email. conversation and, thus, do not fully comprehend the Emotional conversations should not take place via email. If communication. Auditors must not assume anything, must an emotionally charged email is received, keep an open mind and must be open to it is best not to respond via email, but to conversations. Many miscommunications call the sender and discuss the situation are bred from assumptions and are Communication should be offline, regardless of who is copied on the affected by the mode of communication. kept at a professional level; email. In the case of an ongoing audit, Auditors should ensure that personal feelings should not it is best not to communicate significant communications to auditees are clear, and findings via email. Anything that could be they should avoid miscommunication as affect communication. significant or construed as personal should much as possible. be communicated in person. Mode of Communication Conflict Management The mode of communication can significantly change the tone Confrontation4 can be a healthy exercise when the parties in and meaning of communication. Generation Z3 is well-versed in communicating via smartphone and social media (e.g., conflict are transparent and honest. In most cases, discussions LinkedIn, Facebook, Twitter); however, the focus on these of audit findings will have some form of confrontation. Proper new modes of communication has decreased Generation Z’s management of this communication can determine the successfulness of an audit.



©2012 ISACA. All rights reserved.

• Focus on the real issue of the Most people inherently do not like Auditors must be good listeners confrontation—Many confrontations confrontation. The points outlined become emotional when there is and must focus on the content and below can be applied to any type a lack of focus on the real issue. of conflict. Confrontation—due to meaning of a conversation. It becomes a blame game with any conflict, including those within a multitude of excuses. If the the audit group, between audit and conversation deteriorates into a blame management, or among auditors and game, take a break or a deep breath and eliminate blame. auditees—can be optimized by undertaking the Refocus on the primary objectives of resolving the issue and following steps: alleviating concerns that the issue will reoccur at a later date. • Personally confront the issue—Lack of transparency breeds distrust. When issues are avoided, assumptions arise. As Active Listening discussed previously, assumptions can take on a world of Listening is a major part of communication. It takes effort to their own. Confronting issues head-on breeds confidence listen and comprehend. Auditors must be good listeners and and trust in management. When discussing an audit issue, must focus on the content and meaning of a conversation. lay out the facts and be straightforward. When participants lack strong listening skills, audit interviews • Make the initial statement, then stop talking—When lose their value. The following points can enable more confronting an issue, make an initial statement and optimized listening: then stop talking. This is against human nature; during • Ignore phone calls during a conversation, and abstain from confrontation, many want to state their case and not stop multitasking; ensure that the conversation is the primary until they believe they have sufficiently made their case. On focus. Conversations can become relatively meaningless and the other hand, the other party in the conflict feels that they devalued when combined with multitasking. are being railroaded and belittled. Conflict is healthy when • Look at the other person, and focus on the words and there is two-way communication. One-way communication meanings. Eye contact is important because it breeds trust will never resolve an issue. After the initial statement is and confidence. Maintaining eye contact keeps the focus on made, give ample opportunity for the other parties to the conversation at hand. discuss the statement and give their viewpoints. This creates • Avoid interruptions. a back-and-forth communication that is more effective in • Resist jumping to conclusions. It can be difficult not to resolving a confrontation. jump to conclusions. The listener may hear something • Avoid arguing during the confrontation—No matter what that takes comprehension away from the remainder of the is said during a confrontation, regardless of how personal a conversation. Regardless of what is said, keep an open mind statement is, arguing is never valuable or effective. Silence is and follow up on any concerns when the opportunity arises. preferable. • Concentrate on the flow and back-and-forth of the • Know the desired resolution prior to the confrontation— conversation rather than focusing on bits of information or Many pointless confrontations occur because the parties past parts of the conversation. do not know before the confrontation what resolution they want. Without a known resolution, confrontation is Conclusion meaningless and tends to be emotional. The best way to Communication is key to an organization’s success. In general, convince auditees that change is necessary is to present the audit skills and talents are very important, and not everyone idea as theirs. Via significant dialog with the auditees, and is capable of becoming a good auditor. On the other hand, through showing an understanding of their perspective and interpersonal and communication skills are as, or more, ideas, the auditor can lead auditees in the direction of the important than general audit capabilities. If an auditor cannot recommendation.

©2012 ISACA. All rights reserved.



effectively communicate a finding or recommendation, the solution will fall on deaf ears. All the internal and IT audit talents in the world are deemed relatively useless when the auditor lacks the ability to effectively communicate the goals and findings of an audit. Auditors who strive to advance into managerial roles need strong communication skills to take the next step. This is the missing piece for many auditors, but it can be achieved with training and effort. Auditors must become optimized communicators, and should not assume that the people with whom they interact are not optimized communicators.



Endnotes This statement is based on the author’s experience and his discussions with other audit professionals. 2 There are many variations of the 7 C’s of communication. For additional examples, please see: Mind Tools, “The 7 C’s of Communication: A Checklist for Clear Communication,” newCS_85.htm, and Reynolds, Roger; “Seven C’s of Good Communication,” Infinisource Payroll, http://abcopayroll. com/news/200610sevencs.php. 3 A term used for individuals born between approximately 1990 and 2000. 4 The definition of “confront” (and, in turn, “confrontation”) is not implicitly negative. See Merriam-Webster, “Confront,” 1

©2012 ISACA. All rights reserved.


Communication—The Missing Piece - ISACA

Feature Danny M. Goldberg, CISA, CGEIT, CCSA, CIA, CPA, is Communication—The Missing Piece the professional development practice director at Sunera,...

1MB Sizes 3 Downloads 11 Views

Recommend Documents

2015 annual report - isaca
Apr 22, 2016 - ISACA enhanced its Cybersecurity Nexus .... By year's end, there were. Silvia Chinchilla Sáenz, CISA, CG

perfect storm - ISACA
PERFECT STORM: THE BRAVE NEW WORLD OF SAP SECURITY. ABSTRACT ... targeted at corporate applications and data, such a rar

State of Cybersecurity - ISACA
to go unchecked and the sophistication of attack methodologies is evolving. .... How concerned is your organization's bo

Project Management - ISACA
Jun 11, 2016 - Analysis, May 2013, p. 13, cgi-bin/ssialias?subtype=WH&infotype=SA&htmlfid=SEW

Metasploit Primer.pdf - ISACA
Metasploit Framework (MSF). Created in 2003 by HD Moore, currently employed by Rapid7,. MSF is “a tool for developing

Combine | One Piece Database
Apr 13, 2009 - -Oda suka mengumpulkan serangga saat masih kecil, dan yang paling banyak dikoleksinya adalah belalang -Se

Acerca de ISACA
COBIT 5 Español. ISACA® ( ayuda a los profesionales globales a liderar, adaptar y asegurar la confianza en u

Template Business Blueprint - ISACA
Dec 21, 2010 - 17. 7.7 ReO: Response Owner. 17. 7.8 AA: Auditor and Analyzer. 17. 7.9 Authorization Matrix. 17. 8 Author

CSX-Exam-Guide - ISACA
Section 1: About the Cybersecurity Fundamentals Exam a. About the Cybersecurity Fundamentals Certificate. The Cybersecur

gear - One Piece Memorabilia
... anteprima · anter · anticipated · anya · anymore · anyone · anything · anyways · aokiji · aot004 · apaa · apaan · ap