This year marks the 40th since I began my career in internal auditing. I have seen huge changes over that time, not only in technology and a global marketplace that drive and influence risks to organizations, but also in how our profession is viewed by those in the C-suite, the boardroom, and even the media and public.
As our profession evolves and matures, we are taking on more and more responsibilities. Key among them is the constant battle against emerging risks. Simply put, if we are to serve our organizations well, we must identify and address major risks on a continuous basis.
Long gone are the days when internal audit focused solely on financial and internal control matters. Few organizations can afford to use their internal audit function in such a limited way. Today, the profile of the high-performing internal audit function must include skill sets required to meet a growing array of emerging risks.
Based on meeting with thousands of talented internal audit professionals, I have every confidence that we will rise to any challenge. Over the decades, dedicated and innovative thought leaders have helped shaped and prepare internal audit, and a new generation of chief audit executives is eagerly taking on new challenges.
This knowledge helps me keep things in perspective when I see information about internal audit that might be cause for concern. The 2015 North American Pulse of Internal Audit, released last week in conjunction with our annual General Audit Management (GAM) conference in Las Vegas, includes findings that might prompt those who do recognize the resiliency of our profession to question whether internal audit is up to the tasks it is being asked to take on.
For example, the survey found that fewer than 4 in 10 CAEs are strongly confident in their ability to identify and respond to emerging risks in a timely manner. That tepid confidence is fueled, in part, by audit departments not having all of the skills needed to address complex emerging risks. The Pulse report also found that internal audit may soon face a potentially significant talent shortage, especially in areas such as cybersecurity and data mining and analytics.
Each of those situations presents significant challenges. Combined, they present a real threat to an internal audit profession trying to keep pace with growing stakeholder demands. There are additional findings from this year’s Pulse report that offer opportunities for internal audit to raise its game.
Keep in mind, the Pulse report is not designed to find fault in the internal audit function. It is intended to provide CAEs with perspectives on a range of issues that afford opportunities for their departments to enhance performance and address emerging challenges.
Pulse also provides great fodder for frank discussions on how we are doing as a profession. Stay tuned. A number of my future blogs will focus on strategies for addressing some of the challenges highlighted in this year’s North American report.
But the big takeaway from the 2015 Pulse of Internal Audit seems pretty clear: It is a call to action for CAEs. Internal audit must improve its ability to identify and respond to emerging risks, and there are challenges and complications on the horizon that could make that even harder than it already is.