In a blog last January, I shared “5 Resolutions for Every Internal Auditor in 2016.” At the outset of the year, I urged members of the profession to:
As we enter the second half of 2016, I still believe these are initiatives worth the pursuit of everyone in our profession. However, the events of the first half of the year have also highlighted some ongoing and emerging trends that warrant our continuous focus. While I have referred to some of these trends in the past, fresh data and recent events reaffirm these are trends worth watching and addressing for members of the internal audit profession.
Despite the occasional criticism of internal audit, the profession continues to ride a decade-long wave of enhanced stature and growth. During that period, we have seen transformation of reporting relationships – often at the behest of regulators who recognize that independence is vital for internal audit functions. In 2016, almost half of CAEs worldwide indicate that they report administratively to their CEOs, and 70 percent report functionally to either the audit committee or full board of their organizations. Stature is being enhanced hand-in-hand with growth in the profession. If one assumes that IIA membership reflects trends in the growth of the profession, then the number of internal auditors worldwide has increased more than 60 percent since the end of 2005. Even more impressive, The IIA’s membership growth would indicate that the profession has grown almost 20 percent since the onset of the global economic crisis in 2008. It is an impressive feat to record that level of growth during a period in which corporate spending and profits were under extraordinary pressure.
As I frequently observe, the enhanced stature and growth of the profession is a reflection of the value being derived by internal audit’s stakeholders. After all, one would rarely invest more resources in a sub-optimal product. However, in 2016, we are hearing directly from internal audit’s stakeholders thanks to the most comprehensive global stakeholder survey ever undertaken. In the soon-to-be-published CBOK report “Voice of the Customer – Stakeholder’s Messages for Internal Audit,” more than 90 percent of stakeholders say they believe their internal auditors assess areas that are significant to their organization, and almost 90 percent report that internal auditors are assessing their organization’s financial, operational, and compliance controls. Nine out of 10 respondents also believe their internal auditors keep up to date with changes in the business and industry. Despite all the good news, there still is work to be done. According to the survey, more than 70 percent of stakeholders want to see their internal auditors focusing beyond assurance and (1) consult on business process improvements, (2) facilitate and monitor effective risk management, and (3) alert management to emerging issues and challenging scenarios.
For more than two years, I have been emphasizing the need for internal auditors to audit at the speed of risk. The first half of 2016 has reaffirmed that we live in an era of extraordinary volatility. Consider that in the first six-months of the year, the world has seen a collapse and partial recovery of oil prices, an epidemic of incredibly violent and tragic terrorist attacks on virtually every continent, a political climate in America that is virtually unprecedented in terms of its unpredictability, and the unforeseen vote by U.K. citizens to leave the European Union and the resulting plunge of the Pound Sterling and Euro against the dollar. Each of these developments would have been unthinkable a year ago, and would have not likely been on many risk assessments. As internal auditors, we must constantly reassess risks and revise our audit plans accordingly.
In 2015, culture-induced scandals were a regular feature. In 2016, the aftershocks of these scandals are continuing to reverberate. In some cases, the role of internal audit (or lack thereof) is being cited as a contributing cause or concern. As I noted in a recent blog, two investor groups urged rejection recently of a vote of confidence in VW’s management board. The message from one of the groups is that VW continues to have overlap in major shareholder and controlling functions, has a pay structure excessively linked to sales, has no whistleblower program, and has an inefficient internal audit function. Recent allegations of corporate misconduct such as those involving Mitsubishi Motors, and breaking allegations involving an executive at Fox News in the U.S. promise to keep corporate scandals in the headlines for the remainder of the year. All of this serves as yet another reminder to internal auditors to be attuned to corporate culture and assess the role it can play as a root cause in corporate failures or scandals.
The emergence of new and complex risks continues to challenge the profession’s ability to address challenges facing their organizations. Technology risks are the most obvious, but other risks are taxing the ability of internal auditors to meet the rising expectations of key stakeholders. In a recent survey, only 19% of internal auditors considered themselves experts at applying their organization’s risk framework in audits. As a result, recent IIA surveys disclosed the widespread use of third-party service providers to augment internal audit capabilities as a result of limited skill sets or staffing. As new risks emerge, it is likely that the “war for talent” will intensify those risks.
There are a number of actions that internal auditors can take in response to the ongoing/emerging trends outlined above. The most important strategy for success is for auditors to keep their eyes and ears open and respond as quickly as possible when risks or opportunities materialize.
As always, I welcome your thoughts.