2013

One of the occasional criticisms of internal auditors is that we are not as innovative as some in other professions. There is a grain of truth to the “innovation-aversion syndrome,” as I will call it, but our profession has adopted several new technologies in the past 20 years that have permitted us to leverage key technologies. Today, for example, many internal audit functions leverage audit management systems, deploy systems for maintaining workpapers electronically, use data mining and analysis tools, and deliver our reports electronically with embedded hyperlinks for the readers’ use in perusing evidence or data in greater detail.​

While I am proud of the innovation that we have adopted, I am always on the lookout for the next innovative tools, methodologies, and technologies that our profession can pioneer for use.…

A couple of weeks ago, I responded to a U.S. Securities and Exchange Commission (SEC) request for input on a proposal that NASDAQ-listed companies have an internal audit function. This rule change, if adopted, would elevate internal auditing at NASDAQ-listed companies to a level on par with what is already required for companies listed on the New York Stock Exchange.

It is a change that has been years in the making, and as I signed that letter I was reminded of the Federal Reserve Board’s recent statement on the importance of a strong and effective internal audit function in financial services institutions in the “post-financial crisis” era.…

Every profession makes ethical behavior a cornerstone of accountability for its members. Internal auditors are no different, and we hold ourselves to a very high standard in this regard. This is exemplified by the International Professional Practices Framework (IPPF), which includes a well-defined code of ethics based on the principles of integrity, objectivity, confidentiality, and competency. As the code’s introduction states, “a code of ethics is necessary and appropriate for the profession of internal auditing, founded as it is on the trust placed in its objective assurance about governance, risk management, and control.”

This is one of the primary reasons we perceive ourselves as the “guardians of trust” in our organizations, professionals who are far more likely to disclose ethical misconduct than to misbehave ethically ourselves.…

Auditor: n) from the Anglo-French auditour — listener.

Are you a good listener? Funny how “auditor,” a word that started out as something so desirable, has come (for some) to evoke fear and dread — like “dentist.”

In my previous blog on “tone,” I wrote about perception and the written word. Today I’d like to revisit perception as it pertains to the way we present ourselves in person. I touched on this in a blog back in July 2012, but it bears repeating.

We are victims of the stereotypes we perpetuate. Mention the word “audit” to most people and their anxiety level will rise.…

There are times when I look back at the history of our organization and I’m awestruck. Today is one of those days. I reflect with gratitude on the individuals who were instrumental in The IIA’s evolution, and I believe all of us are humbled by the everlasting impact they’ve made on the internal audit profession and The IIA. One person, in particular, headed the pack.

Last Wednesday, John Harmon, executive vice president of The IIA (equivalent to the current title of CEO) from 1972 until 1978, passed away at the age of 89. John was one of the most formidable and influential figures in IIA history.…

You’ve heard: “It’s not what you say, it’s how you say it.” Well, in internal auditing, I’d say it’s a combination of both. What we say in our audit reports most certainly matters. The reports must be clear, concise, and accurate. But it’s the way we communicate that will determine how our findings and recommendations are received — I call it “tone.”

Have you ever sent an email that others misread as harsh or curt? Early in my internal audit career, I actually had someone tell me, after reading a draft of an audit: “I agree with the recommendations, but I disagree with all of the findings.”…

This week, The IIA is hosting its annual Global Council meeting in Lima, Peru. Global Council is a truly extraordinary forum that enables delegates from IIA institutes around the world to gather and deliberate important strategic issues facing not only IIA Global, but the global internal audit profession itself. Last year’s Global Council was held in New Delhi, India, and next year’s meeting will be in Dubai, United Arab Emirates.

Few professional bodies boast the impressive international footprint of The IIA. With more than 180,000 members in 190 countries, it is the most widely recognized advocate and standard-setting body for the profession worldwide.…

As a young internal auditor, I concentrated extensively on learning the technical skills of the profession. I learned early in my career about the importance of developing an audit plan at the beginning of every engagement, documenting the results of the audit, and crafting a well-written audit report. I also learned how important it was to understand the operations/business of the areas I was auditing. All of these skills served me well throughout my career. However, I can honestly say that the technical skills were easy to learn compared with the “soft skills” that I needed to hone in order to be successful.…

Every now and then, regulatory bodies around the world issue guidance documents that make a profound statement about internal auditing. Last week, the U.S. Federal Reserve issued some new guidance that clearly falls into that category.

The 15-page document, titled Supplemental Policy Statement on the Internal Audit Function and Its Outsourcing, technically applies only to U.S. banks with assets of US $10 billion or more. However, from my perspective, the Fed has made a powerful statement on the importance of a strong and effective internal audit function in financial services institutions in the “post financial crisis” era.

With this statement, the Federal Reserve also comes closer than virtually any other regulator in the industry to endorsing or mandating The IIA’s International Standards for the Professional Practice of Internal Auditing.…

This year marks the 35th anniversary of The IIA’s International Standards for the Professional Practice of Internal Auditing (Standards). Over the years, the Standards has become recognized as a critical means by which internal auditing’s stakeholders gain assurance on the quality of internal audit’s work. Conforming with the Standards lets our stakeholders know that the internal audit function is a reliable resource because it’s independent; operates with a high degree of professionalism; is staffed with ethical, objective professionals; and adds true value to the organization. As such, The IIA’s Code of Ethics and Certified Internal Auditor designation make conformance with the Standards a requirement for IIA members, IIA certification holders, and candidates.…