Whether you're a World Cup 2014 soccer fan or not, you've probably heard about Tim Howard, the goalie for Team USA. Tim had an unbelievable performance during Team USA's run through the World Cup tournament, but especially against Team Belgium, where he recorded 16 saves, the most in a World Cup game since 1966. Check out this amazing picture of all his saves in one combined shot!
How did he accomplish such an amazing feat? What did he do to prepare and what strategies and tactics did he practice that worked so well? Before I answer, here are a couple of interesting soccer facts. A soccer ball can hurtle from any direction through the air at 80 miles an hour striking with about 5,000 pounds of force. Howard's job is to react instantly to catch or block these cannon balls. "I'm constantly strengthening my core because that's what gives me the ability to react faster and the stability to control my body better", says Howard. His training focuses on speed, balance and range of motion. Tim has to be able to shift his body weight and throw himself in any direction, without any preparation. His agility workouts combine explosive lifting, core exercises, jumping drills and boxing. To draw a comparison here, does internal audit ever have to react quickly and adjust their audit plans to address new risks? How have they prepared to do this?
Goalies are so important to a soccer team because they are that last line of defense against attackers. To draw another internal audit analogy, you could call goalies that "third line of defense". Behind control owners (forwards), risk and compliance groups (defenders), Internal audit (goalie) is often that last line of defense to fend off shots (risks) after the rest of the team (e.g., risk and compliance groups) have played their positions.
The team approach to both soccer and internal audit is important too as success comes from the strength of the team and their approach. Soccer teams use strategies that vary based on their philosophy and strengths. Some strategies include attacking, defensive, high pressure, low pressure, possession, counter attack, long ball or exploiting formations. One of these stood out to me - low pressure, which is where all eleven players behind the ball defend as a collective unit. They cut the field in half and make the opposition break them down. This struck a chord with me because internal audit, risk and compliance teams, and other related groups must also "defend as a collective unit". Their posture is often both offensive and defensive as they identify and defend against existing and new risks by implementing effective control strategies.
I've loved watching the 2014 World Cup and also enjoy my role helping internal audit groups leverage their larger "team" to supplement their role as the company's "third line of defense". To draw one last soccer analogy, there's a tactic that's difficult to teach kids when they're learning the game of soccer, called "go to the open spot". Kids want to run to where the ball is right now. The problem is that by the time they get there, the ball is gone. We try to teach them to run to where the ball is going to be, not where it is right now. The question I'll close on, is this - Is your combined internal audit, risk and compliance "team" playing the game together, and are you "chasing the ball" with compliance-driven strategies or headed to where the ball is going to be using risk-driven strategies? Be the Tim Howard of internal audit! Contact me at firstname.lastname@example.org with your feedback or questions.