Internal Audit Imperatives for the Decade Ahead

In late December, I wrote about the five events that defined the past decade for internal auditors. It is too speculative (and far too early) to predict any defining events for the next decade. However, I do have some views on key imperatives that internal auditors must pursue if we are to build on the success we enjoyed during the past 10 years.

The IIA’s Global Board of Directors recently updated The Institute’s five-year strategic plan. Included in the plan is a preferred milestone that internal auditing be “universally recognized as a profession” by 2014. No one is debating how far we have come as a profession. However, being universally recognized as a profession is still aspirational, and is an indication of the distance we still must travel.

As I look at the decade ahead, I am confident that The IIA will do its part to elevate the stature of the profession around the world. We will establish a clear and concise definition of internal audit’s value proposition, implement and communicate an International Professional Practices Framework worldwide, and continuously advocate the value of the profession to key stakeholders around the world. However, even if The IIA successfully accomplishes all of these strategies and more, any progress in further elevating the stature of the profession will need to be reinforced by internal audit professionals in the “trenches.”

In the past decade, we elevated our stature as a profession by:

• Helping our organizations navigate the demands of new legislation​ and regulations related to financial controls.
• Becoming champions for effective enterprise risk management.
• Becoming a respected source of talent for our organizations.
• Diversifying our focus and demonstrating our value in the face of a global economic crisis.

In the decade ahead, I believe there will be even greater challenges than those we successfully navigated in the past. I have already commented on the overarching need to provide assurance to our boards on the effectiveness of risk management. Below, I have identified five additional imperatives that I believe must be addressed in the coming decade — and the sooner the better:

• Expand our capabilities to continuously assess risks.
• Enhance our proficiency in data mining and analysis.
• Better integrate the deployment of IT and non-IT audit resources.
• Become more effective in communicating our value proposition to our immediate stakeholders.
• Enhance our coordination with other risk and compliance functions in our organizations.

In the coming weeks, I will expand on these in my blog and invite your perspectives on these and other imperatives that we must pursue.