April 2013

One of the occasional criticisms of internal auditors is that we are not as innovative as some in other professions. There is a grain of truth to the “innovation-aversion syndrome,” as I will call it, but our profession has adopted several new technologies in the past 20 years that have permitted us to leverage key technologies. Today, for example, many internal audit functions leverage audit management systems, deploy systems for maintaining workpapers electronically, use data mining and analysis tools, and deliver our reports electronically with embedded hyperlinks for the readers’ use in perusing evidence or data in greater detail.​

While I am proud of the innovation that we have adopted, I am always on the lookout for the next innovative tools, methodologies, and technologies that our profession can pioneer for use.…

A couple of weeks ago, I responded to a U.S. Securities and Exchange Commission (SEC) request for input on a proposal that NASDAQ-listed companies have an internal audit function. This rule change, if adopted, would elevate internal auditing at NASDAQ-listed companies to a level on par with what is already required for companies listed on the New York Stock Exchange.

It is a change that has been years in the making, and as I signed that letter I was reminded of the Federal Reserve Board’s recent statement on the importance of a strong and effective internal audit function in financial services institutions in the “post-financial crisis” era.…

Every profession makes ethical behavior a cornerstone of accountability for its members. Internal auditors are no different, and we hold ourselves to a very high standard in this regard. This is exemplified by the International Professional Practices Framework (IPPF), which includes a well-defined code of ethics based on the principles of integrity, objectivity, confidentiality, and competency. As the code’s introduction states, “a code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control.”

This is one of the primary reasons we perceive ourselves as the “guardians of trust” in our organizations, professionals who are far more likely to disclose ethical misconduct than to misbehave ethically ourselves.…