5 Resolutions for Every Internal Auditor’s List in 2015

This time each year, many of us reflect upon our accomplishments and identify areas for self-improvement, whether it’s to eat better, exercise more, or simply cut out some bad habits. Great ambitions, but not always great results​. The same might​ be said for New Year’s resolutions around career success. Many of us set professional goals but struggle to fulfill them.

Don’t let past regrets or fear of failure hold you back. I believe it’s important to always set our sights high, but that doesn’t mean they cannot also be realistic and achievable. So, in keeping with my tradition of using my first blog of the year to suggest some New Year’s resolutions that can raise the bar for internal auditors and the profession in general, here are five for 2015 that can be achieved by any reasonably motivated internal auditor.

Resolution 1: Chart a Strategic Career Path

New Year’s resolutions often start with taking a hard look at one’s self and comparing where you are now with where you would like to be. If your plans include a successful career in internal auditing, this means charting a strategic path for your future.

There are many ways to do this, but key is to evaluate your proficiency regarding specific skills that are essential for success in your current role and for career advancement. This will help you determine what you need to do to close any gaps and move to the next level. If your long-term career goals lie outside the internal audit profession, you might need to modify your approach, but even if your tenure in internal auditing is expected to last only a few years or so, I encourage you to examine your capabilities and how you might make improvements.

Back when I was an aspiring internal audit professional, I maintained a career development plan the old fashioned way — using pen and paper. However, The IIA now offers its members a free online tool, IIA Career Map, which can provide invaluable insight on your career path and help you get from point A to point B — and beyond.

Resolution 2: Provide Impactful Assurance on the Effectiveness of Governance

The Definition of Internal Auditing states that internal auditors should provide assurance on governance, risk, and control. While we generally do a great job addressing risk and control issues, many of us are less comfortable providing assurance on governance. Various internal audit executives — and even a few audit committee members — have told me that their internal audit functions do not provide adequate assurance on governance because their internal auditors do not have the skills to tackle such issues effectively.

Major failures, such as those at Enron and WorldCom, clearly demonstrated that corporate governance failures can be lethal for a company — no matter how large the firm. If your internal audit department does not have strong capabilities for providing assurance on governance, enhancing your knowledge and abilities in this essential area might be your most important New Year’s resolution ever.

Resolution 3: Accelerate Your Detection of Emerging Risks

As I mentioned in an earlier blog post, “Auditing at the Speed of Risk!”, today’s risks are more dynamic than ever. In the current environment, annual risk assessments are insufficient to identifying emerging risks. We must therefore adapt our approach to internal audit planning so that we can audit at the speed with which risks will materialize for our organizations. That means early detection is imperative. And even after emerging risks are identified, appropriate internal audit coverage must be scheduled and undertaken, and management will need time to address the issues.

If a robust risk management system is not in place, you may need to identify leading risk indicators, develop risk dashboards, increase the frequency of risk assessments, or take other measures to help ensure your organization knows what’s on the horizon — and beyond.

Resolution 4: Build Deeper Relationships

According to all the experts, strong working relationships are crucial to effective internal auditing. It’s not possible (or even necessary) to develop deep friendships with everyone we meet, but our stakeholders must be comfortable coming to us with problems, and we need to be able to deliver messages that are frank and transparent while maintaining that comfort level.

Building and sustaining productive relationships can mean success or failure for internal auditors and their organizations. According to a Deloitte white paper, The Broken Triangle? Improving The Relationship Between Internal Audit, Management, And The Audit Committee (PDF), symptoms of disconnect between internal auditors, management, and audit committees include financial restatements and missed earnings, material weaknesses, regulatory noncompli­ance, contentious or ineffective board meetings, turnover, excessive litigation, and failed alliances.

Simply, those disconnects must be overcome, and that requires effective, two-way communications.

Resolution 5: Stay on Top of Cyberrisks

As was saw in 2014, internal auditors must be alert to significant technology risks that can impact objectives, operations, or resources. IT lies at the heart of modern business risks and controls, and even if your internal audit function includes IT specialists, it’s not sufficient to count on these specialists alone to handle every issue related to technology.

We all need sufficient knowledge of key IT risks and controls and available technology-based audit techniques to perform our assigned work. The risks are growing and evolving at the speed of light. So, even if your understanding of technology was adequate for last year’s challenges, you must up your game this year and develop an even deeper understanding of current and emerging risks, controls, and governance.

A great resource for internal auditors and their stakeholders who seek to better understand cybersecurity risks is a joint IIA Research Foundation/ISACA paper, Cybersecurity: What the Board of Directors Needs to Ask. Regardless of the resources you use, don’t overlook the significant risks that cybersecurity issues pose for your organization in 2015!

Whether you adopt all or only a few of these resolutions, the beginning of a new year marks a natural opportunity to step back and identify priorities for yourself personally and professionally. I wish you the very best in 2015 and throughout your career in internal auditing.​