Communication—The Missing Piece 

Download Article Article in Digital Form

Career progression in any field is dependent on many factors, including skill and experience and, often, being in the right place at the right time. In the audit and risk management profession, there are many high-quality people vying for the same roles. Additionally, the progression of many managers up the proverbial audit ladder is stymied due to one significant distinguishing factor:  communication skills.

In the IT audit world, some security and IT auditors tend to use fear, uncertainty and doubt as methods of enforcement. When speaking to nontechnically oriented team members, it is easy to generate fear, which may inadvertently lead to rumors that can damage the credibility of the auditors and/or the audit departments. Such negative methods by auditors will not contribute to success in building long-term relationships with auditees.

For auditors, the focus is on oral and written communication. To be successful, auditors must establish face-to-face relationships with auditees and develop a level of trust. Furthermore, complete and accurate work papers in addition to compelling audit reports are important throughout the audit process.

Auditing skills and ability are extremely important; however, without a high level of communication, all ability is for naught. It has been said that interpersonal skills are more important than auditing skills in this profession.1 Internal audit is comparable to the sales group inside an organization, in that audit must constantly sell its value and role. The need for auditors to constantly sell their value highlights the importance of refined communication skills. Some best practices and key areas of communication include:

  • The 7 C’s of communication
  • Professionalism
  • Miscommunication
  • Mode of communication
  • Conflict management
  • Active listening

The 7 C’s of Communication

Communication, via emails, meetings, phone conversations and instant messaging, for example, is the foundation of all business. The 7 C’s of communication provide a checklist for making sure that all forms of communication, including meetings, emails, conference calls, reports and presentations, are well constructed and clear.

The 7 C’s of communication are:2

  1. Clarity/coherence—This may seem obvious, but clear and coherent communication is not as easy as it seems. Communication should be focused—with no question about the intention or the objective. Irrelevance should be eliminated, and logic must be embraced.
  2. Concise—Many people are familiar with people who like to use long words and sentences to project intelligence, often producing the opposite effect. The elimination of space killers and a focus on useful words is key. Concise communication keeps audiences engaged and interested.
  3. Complete/correct—Communication is a fine art; it is important to paint a complete picture so that all facts and circumstances are understood. Communication should be accurate and honest. It is okay for people to admit that they do not know something—admit it, attempt to find the answer and move forward.
  4. Captivating—Communication must be interesting and engaging at all times. Comprehension and listening significantly decrease if people do not see how they are personally involved in the communication. Compelling language that encourages action should be utlized. This commands more attention and better responses.
  5. Conversational—An adult’s comprehension tends to decrease significantly (during training) when a speaker talks to the audience rather than with the audience. People must be engaged and feel comfortable enough to speak their mind. It is important to personalize each experience and make each individual connect.
  6. Courteous—Communications are most effective when they are two-way, not one-way. Communication should be professional, but friendly and approachable.
  7. Concrete—One should communicate with specifics and certainty, eliminating as much ambiguity as possible and keeping communications direct and to the point.


One of the major issues with interoffice communication is the separation of personal and professional points of view. Emotion tends to weigh down healthy and straight-forward communication and the comprehension of what is being communicated. Communication should be kept at a professional level; personal feelings should not affect communication. It is important to remember that communication should not be taken personally in the workplace. In certain instances, auditees may take audit findings or recommendations personally. For auditors, communication must be kept on a professional level and emotion must be eliminated as much as possible. The auditor should remain focused on the issue and the root of the problem.


Miscommunication is the number-one cause of unnecessary conflict. Assumptions can take on a world of their own. People who assume let the assumption take over the conversation and, thus, do not fully comprehend the communication. Auditors must not assume anything, must keep an open mind and must be open to conversations. Many miscommunications are bred from assumptions and are affected by the mode of communication. Auditors should ensure that communications to auditees are clear, and they should avoid miscommunication as much as possible.

Mode of Communication

The mode of communication can significantly change the tone and meaning of communication. Generation Z3 is well-versed in communicating via smartphone and social media (e.g., LinkedIn, Facebook, Twitter); however, the focus on these new modes of communication has decreased Generation Z’s in-person communication skills. There are many different modes of communication, but nothing can replace face-to-face conversation.

Emotions and sarcasm are difficult to interpret via email and on smartphones. All employees should be guarded when communicating via smartphone. Technology has enhanced the speed of communication, but it has also decreased the effectiveness of communication. Generation Z relies heavily on text messaging and emails, but many conversations are better conducted in person or over the phone. Email and texting are sometimes used as modes to avoid in-person conversations. Communications that involve back-and-forth conversation should be done in person rather than via email. Many employees, especially in younger generations, tend to use the wrong form of communication. Email is overused, and not all conversations are effective via email. Emotional conversations should not take place via email. If an emotionally charged email is received, it is best not to respond via email, but to call the sender and discuss the situation offline, regardless of who is copied on the email. In the case of an ongoing audit, it is best not to communicate significant findings via email. Anything that could be significant or construed as personal should be communicated in person.

Conflict Management

Confrontation4 can be a healthy exercise when the parties in conflict are transparent and honest. In most cases, discussions of audit findings will have some form of confrontation. Proper management of this communication can determine the successfulness of an audit.

Most people inherently do not like confrontation. The points outlined below can be applied to any type of conflict. Confrontation—due to any conflict, including those within the audit group, between audit and management, or among auditors and auditees—can be optimized by undertaking the following steps:

  • Personally confront the issue—Lack of transparency breeds distrust. When issues are avoided, assumptions arise. As discussed previously, assumptions can take on a world of their own. Confronting issues head-on breeds confidence and trust in management. When discussing an audit issue, lay out the facts and be straightforward.
  • Make the initial statement, then stop talking—When confronting an issue, make an initial statement and then stop talking. This is against human nature; during confrontation, many want to state their case and not stop until they believe they have sufficiently made their case. On the other hand, the other party in the conflict feels that they are being railroaded and belittled. Conflict is healthy when there is two-way communication. One-way communication will never resolve an issue. After the initial statement is made, give ample opportunity for the other parties to discuss the statement and give their viewpoints. This creates a back-and-forth communication that is more effective in resolving a confrontation.
  • Avoid arguing during the confrontation—No matter what is said during a confrontation, regardless of how personal a statement is, arguing is never valuable or effective. Silence is preferable.
  • Know the desired resolution prior to the confrontation— Many pointless confrontations occur because the parties do not know before the confrontation what resolution they want. Without a known resolution, confrontation is meaningless and tends to be emotional. The best way to convince auditees that change is necessary is to present the idea as theirs. Via significant dialog with the auditees, and through showing an understanding of their perspective and ideas, the auditor can lead auditees in the direction of the recommendation.
  • Focus on the real issue of the confrontation—Many confrontations become emotional when there is a lack of focus on the real issue. It becomes a blame game with a multitude of excuses. If the conversation deteriorates into a blame game, take a break or a deep breath and eliminate blame. Refocus on the primary objectives of resolving the issue and alleviating concerns that the issue will reoccur at a later date.

Active Listening

Listening is a major part of communication. It takes effort to listen and comprehend. Auditors must be good listeners and must focus on the content and meaning of a conversation. When participants lack strong listening skills, audit interviews lose their value. The following points can enable more optimized listening:

  • Ignore phone calls during a conversation, and abstain from multitasking; ensure that the conversation is the primary focus. Conversations can become relatively meaningless and devalued when combined with multitasking.
  • Look at the other person, and focus on the words and meanings. Eye contact is important because it breeds trust and confidence. Maintaining eye contact keeps the focus on the conversation at hand.
  • Avoid interruptions.
  • Resist jumping to conclusions. It can be difficult not to jump to conclusions. The listener may hear something that takes comprehension away from the remainder of the conversation. Regardless of what is said, keep an open mind and follow up on any concerns when the opportunity arises.
  • Concentrate on the flow and back-and-forth of the conversation rather than focusing on bits of information or past parts of the conversation.


Communication is key to an organization’s success. In general, audit skills and talents are very important, and not everyone is capable of becoming a good auditor. On the other hand, interpersonal and communication skills are as, or more, important than general audit capabilities. If an auditor cannot effectively communicate a finding or recommendation, the solution will fall on deaf ears. All the internal and IT audit talents in the world are deemed relatively useless when the auditor lacks the ability to effectively communicate the goals and findings of an audit.

Auditors who strive to advance into managerial roles need strong communication skills to take the next step. This is the missing piece for many auditors, but it can be achieved with training and effort. Auditors must become optimized communicators, and should not assume that the people with whom they interact are not optimized communicators.


1 This statement is based on the author’s experience and his discussions with other audit professionals.
2 There are many variations of the 7 C’s of communication. For additional examples, please see: Mind Tools, “The 7 C’s of Communication: A Checklist for Clear Communication,”, and Reynolds, Roger; “Seven C’s of Good Communication,” Infinisource Payroll,
3 A term used for individuals born between approximately 1990 and 2000.
4 The definition of “confront” (and, in turn, “confrontation”) is not implicitly negative. See Merriam-Webster, “Confront,”

Danny M. Goldberg, CISA, CGEIT, CCSA, CIA, CPA, is the professional development practice director at Sunera, an international corporate governance, risk management and regulatory compliance firm. Prior to joining Sunera in January 2011, he founded SOFT GRC, an advisory services and professional development firm. Goldberg has more than 13 years of audit experience in the Dallas and Fort Worth, Texas, USA, area, including five as a chief audit executive/audit director at two diverse companies. He has the rare experience of leading or being an integral part of year-one US Sarbanes-Oxley Act compliance efforts at three companies. Additionally, he has assisted in leading the establishment of three internal audit/Sarbanes-Oxley departments.

Enjoying this article? To read the most current ISACA Journal articles, become a member or subscribe to the Journal.

The ISACA Journal is published by ISACA. Membership in the association, a voluntary organization serving IT governance professionals, entitles one to receive an annual subscription to the ISACA Journal.

Opinions expressed in the ISACA Journal represent the views of the authors and advertisers. They may differ from policies and official statements of ISACA and/or the IT Governance Institute and their committees, and from opinions endorsed by authors’ employers, or the editors of this Journal. ISACA Journal does not attest to the originality of authors’ content.

© 2012 ISACA. All rights reserved.

Instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. For other copying, reprint or republication, permission must be obtained in writing from the association. Where necessary, permission is granted by the copyright owners for those registered with the Copyright Clearance Center (CCC), 27 Congress St., Salem, MA 01970, to photocopy articles owned by ISACA, for a flat fee of US $2.50 per article plus 25¢ per page. Send payment to the CCC stating the ISSN (1526-7407), date, volume, and first and last page number of each article. Copying for other than personal use or internal reference, or of articles or columns not owned by the association without express permission of the association or the copyright owner is expressly prohibited.