New Course
0 Hours (On-Demand)
CPE Not Available
Instructor for this course

These documents are ancillary to the Internal Controls certificate program and are to be used as guides for internal controls and internal audit.

This section provides a few templates and information sheets that can be utilized and refined. It is important to note that these tools should NOT be used as a simple check-list. They must be appropriately tailored to your organization. They are being provided to assist participants in brainstorming and developing the proper documentation needed to comply with the legislation. They include:


Individuals who have performed the chief audit executive (CAE) role can most likely compile a never-ending list of lessons learned from the experience. It can be beneficial to reevaluate those lessons at various crossroads in an individual career and share the experiences with others who may be considering a similar role. Through the act of sharing and identifying lessons learned, individuals who continue to pursue internal audit as a profession can assist in the advancement of the role of the internal auditor in today’s business.

SECTION-1: Lessons Learned

The poem by Robert Fulghum titled “All I Really Need to Know I Learned in Kindergarten” provides an analogy of how the simplistic concepts learned in kindergarten can be applied within everyday life. These concepts extend past personal lives into business and government. The poem recites simple learnings such as “share every- thing,” “play fair,” “clean up your own mess,” and many other factors of leading a balanced life. The poem even speaks to the need to “hold hands when you go out in the world, watch out for traffic, and stick together.”

Lesson 1: Clarify/Define Management Expectations for Internal Audit

Not everyone sees things in the same light or recognizes concepts that may seem clearly outlined. It is important to make sure management and the internal audit team work together and are on the same page of the handbook when working through depart- mental responsibilities and expectations.

Lesson 2: Balance Management Expectations with the International Institute of Auditors Standards

Internal auditors understand the purpose and intent of the Standards. However, it is not unusual for management to have varying views that may conflict with the internal auditor’s professional obligation to the Standards. The concept of playing fair correlates to ensuring that the Standards are not used as a bat or whipping stick when working to get management on the same page as the auditors. Keep in mind that the Standards are not laws; they are professional guidelines. The entire organization must understand the importance of playing fair and according to the guidelines of the profession.

Lesson 3: Validate the Internal Audit Charter as Fact and Not Fiction

Internal auditors are accustomed to clarifying and documenting. We look to leading practice to guide us on the procedures most relevant to apply. We often utilize leading practice documents when developing departmental protocols and documents like charters. However, it is important to look at departmental charters periodically to ensure that the elements listed are executable and true in fact. Elements that appear in a charter that are not relevant to the organization or that could never be executed given the current structure may actually put the organization at greater risk.

Lesson 4: Clarify the Purpose and Execution of Risk-Based Auditing

Make sure that management and internal audit are on the same page concerning concepts and the need for a true risk- based audit approach.

Lesson 5: Define “Independent Risk Assessment” in Relation to the Audit Plan

Everyone sees things in a distinct and separate manner. Similarly, the concept of independent risk assessment may be viewed differently by each company, management, and internal audit function. It is important to clarify the concept of independent risk assessment to ensure a consistent organizational understanding and application.

Lesson 6: Add Value While Maintaining Independence

The concepts of independence are complicated, and it is important to remember to play fair when executing responsibilities.

Lesson 7: Serve the Audit Committee

In this instance, the responsibility of serving the audit committee can be correlated to almost every lesson outlined in Robert Fulghum’s poem. When serving the audit committee, auditors should employ all aspects of playing fair, sticking together, taking responsibility for their own actions, and learning when and how to appropriately communicate the aspect of cleaning up messes. As a challenge, internal auditors should revisit the poem and link individual responsibilities and challenge areas to components outlined in the kindergarten rules. Think simplistically. Everything can be translated into everyday life.

Lesson 8: Communication of Issues When Management Objects

Communication is an art. Be cognizant of how communication is perceived especially when others are not in full agreement. Gaining agreement and acceptance or sticking together will take you much further than fighting over irrelevant issues.

Lesson 9: Understand How the CAE Role and Audit Department Are Viewed

Internal auditors understand the role of the CAE as defined by professional Standards. However, it is important to “balance” our perceptions and how we execute the role with the manner in which management and the audit committee view the role. In essence, ensure that you are “living a balanced role.”

Lesson 10: Gaining a “Seat at the Table”

To gain the perennial seat at the table, the CAE must build strong relationships with management that include developing trust and respect. It is important that internal auditors stick together and understand the professional Standards to enable proper communication of requirements and expectations to management. Through holistic application of the Standards by all CAEs, internal auditors will be able to more readily gain the coveted seat at the table. However, absent CAEs sticking together and abiding by the Standards, management will continue to view the profession as one in which they can dictate the acceptance of guidelines.

SECTION-2: Is It Legal or Is It Ethical? The CAE’s Dilemma


The phrase “Is it legal or is it ethical?” can be a mini mantra of the internal audit function. Auditors will sometimes describe the dilemma when identifying a control gap that legally may be accept- able but morally may not. Many professions have their own code of conduct. The code is established to ensure that professionals follow proper morals and behavior as expected in their roles. Lawyers, doctors, certified public accountants, as well as other professional roles have detailed codes of conduct. The IIA has defined a code of ethics for the profession. The code states the principles and expectations governing the behavior of individuals in the conduct of internal auditing. It also describes the minimum requirements for conduct and behavioral expectations. But the ethical line is not always a black-and- white demarcation. In addition, legal implications can impact how gray the line may appear.

Lessons of an Auditor can be download here:

Learning Objectives

  • Identify how to clarify management expectations for internal audit.
  • Explore how to balance management expectations with Standards.
  • Discover how to validate that the internal audit charter is fact, not fiction.
  • Identify how to clarify the purpose and execution of risk-based auditing.
  • Recognize “independent risk assessment” when developing the audit plan.
  • Discover how to add value while maintaining independence.
  • Explore how to serve the audit committee.
  • Identify how to clarify issues when management objects.
  • Discover how the CAE role and the internal audit department are viewed by the company.
  • Recognize hot to gain a “seat at the table.”
Last updated/reviewed: November 11, 2020

Included In Certifications

This course is included in the following Certification Programs:

19 CoursesInternal Controls Certification

  1. Management Internal Control Essentials
  2. COSO 2013 Overview
  3. Internal Audit Standards Overview
  4. Internal Audit Standards - Managing Internal Audit Work
  5. Internal Audit Standards - Executing the Audit Engagement
  6. Identifying and Implementing the Proper Balance of Internal Controls
  7. Documentation Methods For Internal Control Processes
  8. Information Technology (IT) Risks in Emerging Business Environments
  9. Foundations for a Strong Internal Audit Department
  10. Internal Audit: Keys to Managing an Effective Function
  11. Internal Audit Effective Relations with the Audit Committee
  12. Understanding Risk-Based Auditing
  13. Risk Based Auditing – Establishing a Methodology
  14. Risk Based Auditing – Applying the Methodology
  15. Segregation of Duties for Core Business Processes
  16. Professional Skepticism - Keys to Maintaining
  17. Whistleblower Hotlines - Effective Management
  18. Tools for Internal Control Certificate
  19. Lessons of an Auditor- Tools for Internal Control Certificate

1 Review (3 ratings)Reviews

Anonymous Author
Thank you very much Lynn! it was a great wrap up of the course with very interesting additional materials to review. This whole course was very valuable and I am planning to use all this information at work.


Course Complexity:
  • No advanced preparation or prerequisites are required for this course.

Education Provider Information

Illumeo, Inc., 75 East Santa Clara St., Suite 1215, San Jose, CA 95113
For more information regarding this course, including complaint and cancellation policies, please contact our offices at (408) 400- 3993 or send an e-mail to .
Course Syllabus
Introduction And Overview
Continuous Play
Supporting Material
  PDFIntroduction - Lessons of An Auditor
  PDFSECTION-1: Lessons Learned
  PDFLesson 1: Clarify/Define Management Expectations for Internal Audit
  PDFLesson 2: Balance Management Expectations with the International Institute of Auditors Standards
  PDFLesson 3: Validate the Internal Audit Charter as Fact and Not Fiction
  PDFLesson 4: Clarify the Purpose and Execution of Risk-Based Auditing 
  PDFLesson 5: Define “Independent Risk Assessment” in Relation to the Audit Plan
  PDFLesson 6: Add Value While Maintaining Independence
  PDFLesson 7: Serve the Audit Committee
  PDFLesson 8: Communication of Issues When Management Objects
  PDFLesson 9: Understand How the CAE Role and Audit Department Are Viewed
  PDFLesson 10: Gaining a “Seat at the Table”
  PDFSECTION-2: Is It Legal or Is It Ethical? The CAE’s Dilemma
  PDFLessons of An Auditor - Tools for Internal Control Certificate
Review And Test