Four Strategic Risks Internal Audit Faces in the Decade Ahead
5 Frequent Sources of Tension Between Management and Internal Audit
August 16, 2021
“When Management Goes Rogue” – How Should Internal Audit Respond?
August 29, 2021
Last January, I shared perspectives about a recently released World Economic Forum Report on “The Future of Jobs.” In my blog, I shared that a magazine article from the International Monetary Fund had synthesized the WEF’s report’s findings in a way that shed some light on what the future might look like for internal audit. As I observed at the time:
“Unfortunately, it’s not the kind of news we want to hear. The article, by Saadia Zahidi, a co-author of the WEF report, is titled “The Jobs of Tomorrow.” Zahidi shares four compelling predictions:
- The workforce is automating faster than expected, displacing 85 million jobs in the next five years.
- The robot revolution will create 97 million new jobs.
- In 2025, analytical thinking, creativity, and flexibility will be among the most sought-after skills.
- The most competitive businesses will focus on upgrading their workers’ skills.
Those predictions are not too alarming for our profession, but then comes the grim news: The article reproduces findings of the WEF report that predict 20 jobs with increasing demand and 20 with decreasing demand. You may have guessed by now that auditors are on the wrong side of the grid. In fact, coming in at No. 3 on the list of jobs with decreasing demand is ‘accountants and auditors.’”
More than 6-months later, I am still troubled by the predictions in the report and article cited above. Every profession faces strategic risks that could hamper its effectiveness or even result in its demise. History is rife with examples of trades or professions who were once in high demand, then suddenly found themselves replaced or disintermediated by technological advances. No one is suggesting the coming decade will present existential threats to the internal audit profession. However; we should always be looking forward with an eye toward emerging risks that we may face as a profession.
In the past decade, I have written and spoken often about the strategic risks the internal audit profession faces. In 2014, I shared with the profession my belief that the top strategic risks internal audit faced were:
- The credibility of the profession would be diminished by too many “where were the internal auditor moments”
- Key stakeholder perceptions of the profession would decline as we relied too heavily on assurance to the exclusion of insight and foresight
- Noncompliance with standards would diminish the quality of our work and impact our credibility
- Blurring lines of defense would afford management the opportunity to rely on other monitoring and oversight functions in lieu of internal audit
- Inability to recruit and retain talent to address technology risks
In an effort to update the strategic risk outlook for the profession for the remainder of the 2020’s, I recently posted a LinkedIn poll to survey the profession on four strategic risks that are often mentioned for the internal audit profession in the decade ahead. More than 700 internal respondents to the profession weighed in on the question: “Which of the following do you believe is the most significant risk facing the internal audit profession in the decade ahead?” Their votes on the poll and comments were insightful. They rated the most significant strategic risk for the internal audit profession as follows:
- The internal audit profession keeps missing emerging risks – 43%
- The Inability to attract and retain talent – 22%
- Stakeholder audit fatigue – 20%
- Technology advances such as artificial intelligence and robotics process automation will make internal audit obsolete 15%
There is a lot to unpack in the results of that brief poll, so I will leave readers with the summary result in this blog, and delve deeper into each of these strategic risks in upcoming articles.
In the meantime, it’s important to remember that in addition to risks, the coming decade presents us with ample opportunities. As I noted in my January blog:
“If we are mired in auditing of financial reporting controls, we are likely at risk based on this report. However, there is ample evidence from this same list of jobs with increasing demand that the future is bright for us. Five that stuck out to me:
- Risk management specialists.
- Strategic advisors.
- Management and organization analysts.
- Organizational development specialists.
- Information security analysts.”
As always, I welcome your views on the strategic risks facing the profession.
4 Comments
Richard – The fact that they lump accountants and auditors together may reflect an image of external audit, rather than internal audit. Absolutely, as things continue to automate, the ability to apply GAAP (and verify it) can become increasing automated and AI driven. But for internal audit, we have a range of possibilities depending on how you view its role. At one extreme are those who believe that internal audit is all about verifying compliance — making sure that GL tickets are initialed. At the other are those who believe that internal audit is about critical reexamination of strategies and risk in support of executives and directors. For those in the former group, the future doesn’t look good. For those in the latter, I believe our skills will be in greater demand than ever. The challenge, then, is to shape our profession to focus on critical thinking skills, seasoned with a tenacity for root causes, and applied within a value-focused framework. And lastly, we must be able to communicate our work in a meaningful way.
I can’t help to wonder if internal audit should be included in the “accountants and auditors” category in the WEF report? Perhaps there in lies to the problem? We are not accountants by default, nor is accounting our key discipline. “Auditor” is also often used to refer to accountants, not internal auditors.
[…] mentioned Chambers. “While you begin to take a look at these seven that we highlighted in a blog not too long ago, primary was cybersecurity. It dwarfed each different threat when it comes to what […]
[…] year,” said Chambers. “When you start to look at those seven that we highlighted in a blog recently, number one was cybersecurity. It dwarfed every other risk in terms of what internal […]