Five Internal Audit Resolutions for 2018 and Beyond

When a new year dawns, people tend to embrace it with optimism and confidence despite the uncertainty that lies ahead. I don’t know whether this hopeful outlook is driven by the celebration that surrounds the date or whether that optimism is what drives the merriment. Whatever the case, the New Year also pushes us to set goals and resolve to better ourselves.

My custom for the past several years is to use my first blog post of the year to set out New Year’s resolutions for the profession that highlight emerging or anticipated issues. For example, the upcoming May 2018 deadline to meet new European Union rules on personal privacy protection would meet the criterion. This year, however, I’m taking a more strategic view that sets out resolutions that will help practitioners become more engaged and future focused in 2018 and beyond.

Like never before, stakeholders are turning to internal audit to help the organization navigate risks and opportunities. To me, this is clear evidence that the profession is making steady progress toward earning “a seat at the table” and becoming the trusted advisor in every organization. We must, therefore, focus on developing new skills to meet new demands and draw on the fortitude and courage needed to take difficult challenges head on.

These five resolutions will help us get there.

Maintain a Laser Focus on the Horizon Over the past year, I have frequently used the analogy of weather to describe the work we do, and it fits into this resolution. Internal auditors should position themselves to become the Doppler radar for emerging risks that threaten their organizations.

For many, this will require stepping out of the traditional comfort zones of financial, compliance, and operational internal auditing. However, we cannot offer our organization that crucial glimpse beyond the vanishing point without understanding broader strategic risks driven by geopolitics, macroeconomics, cybersecurity, technology, and other factors.

Take the Offense in the War on Talent One of the greatest challenges we must overcome is to obtain and retain talent. If we are to not just meet but exceed growing stakeholder demands, we must ensure we have the necessary resources and skill sets on hand. This begins by understanding the unique risk pool for your organization and the industry in which it operates. For example, the risk pool for finance is worlds apart from the risk pool for chemical manufacturing. Once you have a handle on those risks, recruit or train staff that is attuned to those areas and has the requisite skills to audit them.

We also must hire talent or secure co-sourcing relationships that allow us to expand and improve our ability to audit specialized risks or those that require specialized expertise. We cannot look away from risks simply because we do not have the expertise to address them.

Sharpen and Deploy the Best Navigation Tools Technology has always provided the means to attain higher levels of efficiency and efficacy. We must become expert at employing the tools available to internal auditing from audit management systems, data analytics, and artificial intelligence to new technologies that will inevitably emerge. The challenge is to identify and embrace technology that will make internal audit functions agile and future focused.

Innovate Your Way Through Transformation Disruption often presents lethal risks where only innovation can provide the path forward. Internal audit should champion transformation built on innovative thinking and actions.

This may require some changes if the corporate culture is averse to failure. Innovation involves trial and error, so a culture that punishes or fixates on failure will struggle to innovate. One important caveat is to not simply conflate innovation with technology. While technology often drives and supports innovation, the two are not synonymous. 

Sail Toward the Storms Great internal audit departments do not fear difficult or uncomfortable topics. They sail toward the storms in order to alert management and the board when risks are not being managed and controls are not adequately designed and implemented.

In a blog post last year I wrote that internal audit may sometimes be the lone and unwanted voice alerting the organization to risks or problems. This at times places practitioners in the crosshairs of those who are quick to shoot the messenger. Do not let this discourage you. The best internal auditing requires courage, and courage does not wait for a chorus.

As always, I look forward to your comments.