I’ve heard my share of jokes about internal auditors over the years. Most of the time, I can laugh them off. After all, there are jokes about every profession — doctors, lawyers, accountants, and even CEOs. Why should internal auditors be any different?

But every now and then, a joke lands a little too close to home. I remember being at a conference years ago when the speaker asked:

“How many internal auditors does it take to screw in a light bulb?”
The punchline: “It depends. How many did it take last year?”

At first, I chuckled. Then I paused. The sting of truth was hard to ignore.

When I first heard that joke, it reflected a perception that internal auditors were creatures of habit — performing the same audits, with the same number of people, and often producing the same recommendations year after year. The implication was that we were not risk-focused but process-bound. We had become known less for adaptability and more for predictability.

Fast forward to 2025, and the world around us has changed dramatically. Risks are more dynamic, businesses are transforming at lightning speed, and technology — particularly artificial intelligence — is rewriting the rules of the game. Yet the joke still lingers. If anything, the danger of being perceived as “stuck in last year’s audit” is greater now than it was then.

The Creature-of-Habit Trap

Internal auditors are by nature disciplined, structured, and process-oriented. Those traits are among our greatest strengths. But they can also be a liability. When we rely too heavily on last year’s risk assessment, last year’s workpapers, or last year’s audit plan, we run the risk of becoming irrelevant.

AI is already exposing this weakness. Today, management and boards expect real-time insights, predictive analysis, and foresight — not just retrospective assurance. If internal audit is simply repeating what it did last year, AI-enabled tools and continuous monitoring systems will quickly outpace us.

Why the Joke Still Resonates

The reality is that our stakeholders may see us as slow to change because, too often, we are. Businesses are deploying AI to automate processes, detect anomalies, and anticipate emerging risks. Regulators are experimenting with AI-enabled oversight. Competitors are leveraging AI to seize market advantages. And yet, many internal audit functions are still hesitant to aggressively embrace AI to transform how we assess risks, conduct fieldwork, or report results.

So, when someone quips, “How many internal auditors does it take this year?” and the answer is still “the same as last year to do the same audit,” it raises a fair question: are we keeping pace with the risks we’re supposed to monitor?

Breaking Free With AI

The future relevance of internal audit depends on our ability to break free from the creature-of-habit trap. That doesn’t mean abandoning rigor or discipline. It means reimagining how we apply them.

• Risk assessment must be continuous. Annual assessments are no longer sufficient. AI-enabled risk sensing tools can help us capture and interpret risk signals in real time.
• Audit programs must be dynamic. Instead of carrying forward checklists from last year, we must harness data analytics and AI to tailor our procedures to today’s risks.
• Reporting must deliver foresight. Stakeholders don’t just want to know what went wrong last quarter. They want insight into what could go wrong next quarter — and what can be done to prevent it.
• Our mindset must shift. AI will not replace internal auditors, but internal auditors who fail to embrace AI will find themselves replaced by those who do.

Finding the Truth in the Joke

The next time you hear that light bulb joke, don’t just laugh and move on. Ask yourself: Am I doing the same work this year because it’s still the right work — or simply because it’s what I did last year?

If the answer is the latter, then the joke isn’t really funny at all.

To be clear, I am not suggesting we need fewer internal auditors if we leverage AI. But if we can execute internal audits more efficiently (and with fewer staff), it frees up resources to tackle more critical risks facing our organizations.

In 2025, the profession’s credibility and relevance depend on our willingness to change faster than the risks we audit. Let’s make sure the answer to the question — “How many auditors does it take this year?” — is always driven by today’s risks, not yesterday’s habits.