​The Journey for Internal Audit Holds Valuable Lessons

We kick off the 2019 General Audit Management (GAM) conference today in Dallas-Fort Worth with more than 1,200 in attendance either in person or through our new livestream offering. As always, the event is packed with informative sessions on issues and trends crucial to internal audit executives. In fact, the first general session this morning (at 9:15 a.m. Central Time) will be an in-depth conversation I am having with U.S. Securities and Exchange Commissioner Hester Peirce. GAM is also where the Internal Audit Foundation will officially unveil my latest book, The Speed of Risk. It’s an update to my first book, Lessons Learned on the Audit Trail, published in 2014.

I’m proud of the work that went into this new book, and appreciative of those who helped me pull it together. As they say, it takes a village, even for one book. You might be asking at this point, “What’s new?” If you’ll indulge me for a moment, I encourage you to read the following preview from the book’s first chapter, “There Are No Speed Limits on the Audit Trail,” to understand why I felt the need to embark on yet another journey of research and long hours of writing to share new lessons — and elaborate on still relevant ones from the first edition — with readers.

“When I ‘put my pencil down’ and submitted the final manuscript of Lessons Learned on the Audit Trail for publication five years ago, I assumed it was my last word on the subject. Yet, I was ignoring a key message from the book: We must never stop learning from the lessons that life teaches us. Since the first edition of this book was published, I feel I have almost lived another professional lifetime. I have shared numerous new lessons across various media — blogs, presentations, and social media. In fact, the speed at which life is teaching us new lessons is a lesson unto itself. For that reason, I am compelled to update Lessons Learned on the Audit Trail to share new perspectives on the lessons in the first edition and to impart new lessons learned during these last few  years.

As we travel down life’s path, each of us experiences things in both our personal and professional lives that prepare us for what lies ahead. In that regard, my journey is not unique. What sets it apart, however, is that I have invested more than four decades serving the same profession — internal auditing. During that time, I have learned many important lessons, some early in my career and some recent. The paradox of encountering lessons later in life is that you have less time to apply them, which is a motivating factor for me in writing my books. If I can help just one internal auditor to be better prepared for the challenges and opportunities that await in his or her career, then the effort will have been worth it. … The lessons we learn over the course of a career will serve us well if we remember and apply them. And we will need every one of those lessons to surmount the ever-increasing challenges and opportunities internal auditors face today. This edition has been updated to include perspectives on recent developments that pose critical implications for the profession.

I have written more than 200 blogs and articles since the first edition was published. The research and conversations with global experts I used to prepare those writings have afforded me insights I share in this book on topics of concern to the profession today: · Perspectives that management and audit committees are reluctant to share.· How marketing internal audit can enhance awareness about its value.

· Frequent sources of tension between management and internal audit.· The idea that internal auditors can audit anything — but not everything.· The importance of tact and the art of bringing about positive change.· How poor audit planning can cause “the wheels to come off” the engagement.· How smart internal auditors ask smart questions.· The need for ethical internal auditors to be courageous. These topics are of increasing concern to the internal audit profession, which is called on to excel in an environment that is shaped by challenging trends, including the following.1. The Speed of Risk Businesses worldwide frequently focus on managing risks, both internal and external, whether related to finance, operations, strategy, technology, regulations, or reputation. While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. In the past five years, global financial and business markets have been rocked by spectacular cybersecurity breaches, corporate failures induced by toxic cultures, the #MeToo movement highlighting sexual assault and harassment in the workplace, and more.

Internal auditors are finding that rigid, risk-based annual audit plans are increasingly relics of the past that position them to address yesterday’s challenges. This reinforces my long-held belief that internal audit must take a more continuous approach to risk assessment — auditing at the speed of risk — which is a recurring theme in this updated edition.

2. The Implications of Auditing Organizational Culture Our profession has long recognized that tone at the top is critical to the overall effectiveness of an organization’s system of internal controls. When the first edition of this book was published, auditing culture was not a frequent topic of conversation for many of us. In the last few years, however, there has been virtually an epidemic of corporate failures induced, at least in part, by a toxic culture.

Regulators, stakeholders, and the public have looked to internal audit as a source of assurance or insight on organizational culture. Organizational culture reflects ‘how we do things around here,’ so when the culture becomes toxic, it impacts the workplace environment and generates a ripple effect on the entire organization, ultimately impacting the bottom line.

3. Technological Innovation The speed at which technological changes have advanced since the first edition of this book affects how innovation drives greatness in internal audit departments. In chapter 8, I explore how new and emerging technologies, such as robotics process automation and artificial intelligence, will impact internal audit, and the imperative to embrace them.

4. Becoming a Trusted Advisor Near the end of the first edition, I introduced what I believed were the essential skills that internal auditors needed to build and sustain trust with those they serve. In this edition, I update the definition and attributes of trusted advisors and incorporate these concepts throughout the book to align with those outlined in my second book, Trusted Advisors: Key Attributes of Outstanding Internal Auditors.

We are well positioned as a profession to tackle the challenges now before us. New regulations are imposed with increasing frequency, causing audit plans to undergo regular adjustments to encompass compliance activities. But not all changes are challenges; opportunities are emerging as well. Internal audit departments continue to receive added resources, reflecting stakeholders’ expanding recognition of the value they provide. And internal audit is increasingly offered a more engaged role in addressing strategic business risks.”

I hope you will find my new book useful, and I look forward to your feedback here and further along the audit trail.