April 2021

April 27, 2021

Should Internal Audit Change its Name?

Over the four decades that I have been part of the internal audit profession, I have been struck by how often I have heard the refrain – “Internal audit should change its name.” The idea is typically suggested as a way to avoid what some view as a negative stigma associated with internal audit. During my years at The IIA, I quickly shot down such ideas as unnecessary and counterproductive. After all, I headed “The Institute of Internal Auditors!” However; as I noted in my recent blog on personal goals for myself, I need to be more open to alternative views and be courageous enough to reexamine long held personal preferences or beliefs.…

April 18, 2021

Internal Auditors Can’t be Change Agents if They’re Secret Agents

For almost two years, I have been encouraging internal auditors to become more assertive and adept in “telling their story.” Telling our story is simply another way of creating awareness among those of our stakeholders who may not appreciate the value we create, or our potential. As I noted in a January 2020 blog:

Successfully showing our value is more than what we say. Indeed, it is all about delivering on that promised value. I’ve written extensively on how internal audit adds value, including dedicating chapters in two of my books to the subject. In my first book, Lessons Learned on the Audit Trail, I included a “Life Lesson” that provides particular insight on this subject:

“Your key stakeholders have the last word on whether you are doing your job well.

April 11, 2021

Six Questions Boards (and Internal Audit) Should Ask About Cybersecurity

For more than a decade, cyber-related risks have been at or near the top of all risks faced by organizations around the world. Too often, cybersecurity breaches of devastating proportions have wreaked havoc operationally, financially and reputationally for organizations, often destroying value and catching management, boards and internal auditors by complete surprise.

In this day and age, how anyone can be surprised by a cyberattack is beyond me. Yet, according to IIA research, corporate board members often maintain a misplaced level of confidence in the effectiveness of cybersecurity risk management. From my experience, internal auditors are often not much help because they struggle with adequate resources and a lack of expertise to assess the effectiveness of this critical risk.…

April 5, 2021

Five Goals for My Next Chapter on The Audit Trail

As the old saying goes, “when one chapter closes, another one opens.” For me, I recently closed the longest and most extraordinary chapter in my career when I stepped down as President and CEO of The IIA. As I have noted, it was not an easy decision, but it was the right decision for both me and The IIA. The IIA will benefit from new ideas and fresh leadership, and I am now free to pursue life as a “private citizen” again after more than 12 years of leading a complex global organization under the glare that came with being a spokesman for the internal audit profession.…