866.254.0000
Talk with a Specialist
Services
SOC & Attestations
Payment Card Assessments
ISO Certifications
Privacy Assessments
Federal Assessments
Healthcare Assessments
Penetration Testing
Cybersecurity Assessments
Crypto and Digital Trust
Schellman Training
ESG & Sustainability
AI Services
View All Services
Industry Solutions
Cloud Computing & Data Centers Meet a broad range of regulatory and industry compliance mandates for your customers
Financial Services & Fintech Cybersecurity assessments for both the banking industry and the financial service providers
Healthcare Reporting to manage risk and adhere to applicable laws and regulations
Payment Card Processing Validate compliance with the various forms of the PCI DSS
US Government Achieve authorization to work for federal agencies, DoD, and the associated contractor base
Higher Education & Research Laboratories Reinforce your commitment to securing your student's and institution's data.
View All Industry Solutions
Learning Center
Our Technology
About Us
Leadership Team
Careers
Corporate Social Responsibility
Strategic Partnerships
Visit About Us
Services
Services
View All Services
SOC & Attestations
SOC & Attestations
Payment Card Assessments
Payment Card Assessments
ISO Certifications
ISO Certifications
Privacy Assessments
Privacy Assessments
Federal Assessments
Federal Assessments
Healthcare Assessments
Healthcare Assessments
Penetration Testing
Penetration Testing
Cybersecurity Assessments
Cybersecurity Assessments
Crypto and Digital Trust
Crypto and Digital Trust
Schellman Training
Schellman Training
ESG & Sustainability
ESG & Sustainability
AI Services
AI Services
Industry Solutions
Industry Solutions
View All Industry Solutions
Cloud Computing & Data Centers
Cloud Computing & Data Centers
Financial Services & Fintech
Financial Services & Fintech
Healthcare
Healthcare
Payment Card Processing
Payment Card Processing
US Government
US Government
Higher Education & Research Laboratories
Higher Education & Research Laboratories
Learning Center
Our Technology
About Us
About Us
About Schellman
Leadership Team
Leadership Team
Careers
Careers
Corporate Social Responsibility
Corporate Social Responsibility
Strategic Partnerships
Strategic Partnerships
Talk with a Specialist

«  View All Posts

Mental Readiness in Compliance: Advice for Auditees and Their Auditors Blog Feature
Megan Sajewski

By: Megan Sajewski

Print/Save as PDF

Mental Readiness in Compliance: Advice for Auditees and Their Auditors

SchellmanLife | Audit Readiness

Benjamin Franklin once said, “By failing to prepare, you are preparing to fail.”

Franklin is considered one of history’s geniuses, and his words are so timeless they even apply now to your compliance audits. Whether you’ve been through one before or not—as either the auditee or the auditor—you likely already have a vague idea that you’ll need to pull together evidence and find time in schedules for interviews, but for everyone in involved, you can actually do something more to prepare.

Schellman has been in the auditing business for over two decades now, and our professionals have gone in and out of all kinds of organizations, and we’ve worked with all kinds of professionals, so we know that each time, combining different personalities is necessary for this kind of work.

But we also know that—despite this kind of work being notoriously resented—this combination and the overall experience doesn’t have to be painful for anyone involved, and we can explain a way that can help ease your own.

In this article, we’ll explore and build upon what Harvard Business Review (HBR) has called “mental toughness”—a state of resilience that serves both businesses and those doing business. We’re not implying you aren’t already—rather, we’re just going to take the concepts Harvard notes, supplement them with other research, and disseminate everything into advice for both auditors and organizations being audited.

No matter which side of the aisle you fall on—if you’re an auditor or an organization with compliance requirements—these tips will help your next engagement go a little more smoothly.

 

What is “Mental Toughness” in Audits?

As we mentioned, the ideas that follow are derivatives of HBR’s On Mental Toughness. This collection of ten essays presents different impactful concepts for coping with stress and rebounding from difficult situations—things many might agree are synonymous with audits.

Auditing can be—and often is—considered the dentistry of business: not a lot of folks are excited about going to the auditor (or dentist), yet it’s really important to stay proactive with our cybersecurity posture (and dental health).

Given the associated reluctance, that can be tricky, but one of the key thoughts HBR presents could help ease that, and it’s called grit. Grit is a grounded readiness, and when we apply this to an audit, having “grit” would mean having a full awareness or understanding that part of the assessment will be easier than expected, other parts will meet expectations, and the obstacles that arise will both be known and unknown.

Just like a dentist appointment, getting ready for an audit can also be nerve-wracking, intense, and often induces a degree of stress but by its definition, grit can help. But how can you conjure grit?

 

3 Tips For Organizations Preparing for An Audit

If you’re an organization that’s going to be audited, here are a handful of tips for preparing mentally—for supporting your “grit”—as well as some “coping mechanisms” you can help preemptively insert into your engagement:

  1. Don’t Be Afraid to Ask (No, Really): It’s not just about your asking questions themselves—you should always feel free to ask your auditor to slow down and/or rephrase their Sometimes you’ll be paired with a rookie auditor who may speak too quickly for your preference. Let them know.
  2. Push For Interludes: If your auditor has not scheduled breaks into fieldwork—especially if you are anticipating more than two hours of meetings—ask for a short break or an extended lunch.
  3. Understand Your Auditor’s Acting in Good Faith: Remember that when your auditor engages you in open-ended conversation, it’s for them to understand your process out of genuine interest. For instance, at Schellman, we have a “no surprises” policy, which means that when we find a gap, exception, nonconformity, etc., our auditors will alert you in real-time or as close to it as possible—in other words, we’re not trying to catch you out with our questions.

For more details on how organizations can improve their audit mindset, click here.

 

3 Tips For an Auditor Ahead of Your Next Audit

Now for the other side of these conversations.

Contrary to what you may have heard, fostering complete readiness for an audit extends beyond document gathering, timely follow-ups, and great rapport. The University of Minnesota’s research, along with many in the scientific community, agrees that our thoughts, feelings, and behaviors can impact our biology.

We agreed above that an audit generates an inherent (dentist-level) pressure as a by-product of testing and concluding, but thoughtfully arranging the mind-body sphere pre-audit could lessen the effects of tension felt by either (and both) auditee and auditor.

So, here are some words of wisdom for any new auditor or seasoned auditor seeking a mental refresh ahead of your next project start:

  1. Have a Relaxed, Unplugged Moment Before Fieldwork Starts: The day before your next kickoff—or even the morning of—take an “internal shower”: consume a sizeable glass of water. Find stillness for a few minutes in the morning, or maybe take a short walk. It’s important to settle yourself so that you can more easily settle into the audit process.
  2. Speak with a Smile and Keep It Simple: When working with your auditee, use a confident, polite, and gentle tone when posing questions. Remember to only ask one question at a time instead of bundling a few queries together.
  3. Be Mindful of Others’ Time and Position, As Well As Yours: Don’t forget those 5-minute bio breaks, especially for particularly long interviews or meetings. Do your best to answer auditee follow-up questions, but don’t be afraid to admit when you could use a helping hand from a more senior associate or manager on the project.

If you can put people first—including taking adequate care of yourself—you’ll show up sharp and bright-eyed with an improved overall approach to the audit project that should upgrade the effectiveness, efficiency, and sustainability of the process from fieldwork to deliverables.

 

Getting Ready for Your Audit

All this being said—yes, assembling documentation (or reviewing) will be the bulk of your preparation and audit work, no matter if you’re seeking compliance with a SOC standard, striving for an ISO certification, or attempting to prove adherence to PCI-DSS.

But our experience—as backed by Harvard and other university research—says that spending some quality time cultivating a healthy mindset will add intangible, but noticeable, value to the project.

For more help in further streamlining your experience and ensuring you receive the assurances you need, check out our other content that addresses both preparation and other important considerations for both organizations and auditors:

About Megan Sajewski

Megan Sajewski is a Senior ISO Associate with Schellman based in Dearborn, Michigan. Prior to joining Schellman in 2023, Megan worked as a Senior Associate, Attest Services, for a small public accounting company specializing in SOC and ISO reports. Megan also led and supported various other projects, including technical writing for metal forming 3D printing, and design software. Megan has over 11 years of experience comprised of serving clients in various industries, including cybersecurity, engineering, and academia. Megan is now focused primarily on ISO examinations for organizations across various industries.

4010 W Boy Scout Boulevard
Suite 600
Tampa, FL 33607

U.S. 1.866.254.0000

Outside the U.S.
1.813.288.8833

Resources
Company
Stay Up-to-Date

Sign up to receive Schellman's Weekly Ready delivered every Friday morning.

© SchellmanPrivacy PolicyTerms of Use

“Schellman” is the brand name under which Schellman & Company, LLC and Schellman Compliance, LLC provide professional services. Schellman & Company, LLC and Schellman Compliance, LLC practice as an alternative practice structure in accordance with the AICPA Code of Professional Conduct and applicable law, regulations and professional standards. Schellman & Company, LLC is a licensed certified public accounting firm (Florida license number AD62941) registered with the Public Company Accounting Oversight Board (PCAOB) that provides attest services to its clients, and Schellman Compliance, LLC provides nonattest cybersecurity and compliance professional services to its clients. Schellman Compliance, LLC is not a licensed CPA firm. Schellman & Company, LLC and Schellman Compliance, LLC are independently owned and are not liable for the services provided by any other entity providing services under the Schellman brand. Our use of the terms “our firm” and “we” and “us” and terms of similar import, denote the alternative practice structure conducted by Schellman & Company, LLC and Schellman Compliance, LLC.