Final Reflections on Internal Audit’s Decade of Progress

In the past 10 years, many significant events have occurred that have dramatically altered the risk landscape that internal auditors must navigate. From strict new post-financial crisis regulations, to an explosion of cyber attacks, to the emergence of risks related to artificial intelligence, data ethics, and privacy, the decade has reshaped the work of internal audit.

Many of these changes will have lasting and profound impacts on how the profession serves the public interest. They offer challenges that will test our ability to provide independent assurance and support sound corporate governance. They also offer great opportunities to position internal audit as a true partner to the board and executive management.

As we come to the close of the decade, I am struck by how much our stakeholders’ views of the profession have evolved in the past 10 years. I have written many times that internal auditors are not just “bean counters” focused solely on an organization’s finances. I sincerely believe that stereotype is fading away.

Two new products introduced this year by The IIA reflect the profession’s evolution. The OnRisk 2020 report, published in October, appropriately places internal audit as one of the three pillars of risk management, along with the board and executive management. The new American Corporate Governance Index — and related Guiding Principles of Corporate Governance — equally elevates internal audit’s role as one that is vital to sound corporate governance.

Every decade offers opportunities for growth and evolution, and we are poised at the cusp of a new decade that promises great things for internal auditing. In my role as president and CEO of the most widely recognized internal audit advocate, educator, and provider of standards, guidance, and certifications, I am often cast as a cheerleader for the profession. It is a role I am happy to take on. But I also have served in or served the profession for more than 40 years, which I humbly submit makes my observations more than just promotional.

Guiding the internal audit profession has been The IIA’s mission for nearly 80 years. It includes providing the thought leadership, practice guides, and tools for the modern internal auditor to execute his or her job at the highest levels, even as that job becomes more complex, dynamic, and fast-paced.

Over that time, The IIA has evolved from a group of dedicated and forward-thinking volunteer leaders to a professional organization that employs more than 200 dedicated workers in its global headquarters and depends on the insights and hard work of thousands of volunteers globally. I believe the coming decade promises great things for The IIA, as we leverage new technology to improve how we deliver our products and services. 

Supporting the professional needs of practitioners across the globe is a daunting task, but it is one The IIA is well-positioned to undertake. In the coming decade, we will work tirelessly to seek new ways to help our members grow. Innovation will be vital to that effort, as it will be for internal auditors who must change and adapt to meet the demands of their jobs. Practitioners who invest in training and certifications, attend professional conferences, and seek out networking opportunities will position themselves well to succeed.  

Any profession that goes through dynamic change must rely on its foundations to weather the transformation. For internal auditors that foundation is codified in the International Standards for the Professional Practice of Internal Auditing and the Core Principles for the Professional Practice of Internal Auditing. Not only do these documents provide foundational direction, they also prove that our bedrock beliefs as internal auditors are sound and resonate across cultures, geographies, and time.

Nothing gives me more comfort about internal auditing’s future than knowing the Standards, Core Principles, and other components of the International Professional Practices Framework are guiding practitioners around the world. They have been tested and proved, and they remain as relevant today as when they were first articulated.

It is natural to be reflective and nostalgic in milestone moments. I thank my readers for allowing me this opportunity to look back. It is a happy coincidence that the Chambers on the Profession blog, soon to launch its 12th year, fully encompasses the decade that is coming to an end.

After more than 400 blog posts, it’s hard to imagine there are subjects still left to cover or insights yet to be shared. However, anyone who has spent time in our profession understands it is ever-changing, and the challenges and rewards it offers are varied.

Corporate governance, culture, cybersecurity, artificial intelligence, data ethics and privacy, regulatory change — the list of new and evolving risk areas goes on and on. Yet, as practitioners, we should be excited and energized about what the 2020s hold for us. The IIA will be with you every step of that journey.

As always, I look forward to your comments.