Should Internal Audit Change its Name?
Internal Auditors Can’t be Change Agents if They’re Secret Agents
April 18, 2021
Why I Chose AuditBoard as the Next Step on My New Journey
May 5, 2021
Over the four decades that I have been part of the internal audit profession, I have been struck by how often I have heard the refrain – “Internal audit should change its name.” The idea is typically suggested as a way to avoid what some view as a negative stigma associated with internal audit. During my years at The IIA, I quickly shot down such ideas as unnecessary and counterproductive. After all, I headed “The Institute of Internal Auditors!” However; as I noted in my recent blog on personal goals for myself, I need to be more open to alternative views and be courageous enough to reexamine long held personal preferences or beliefs.
Recently, I was engaged in an exchange with a respected colleague who suggested once again that internal audit change its name. I still wasn’t convinced that would be good for our profession, but I decided to cast a net across the global profession to hear what others think of the idea. So, I posted the question to my 24,000 LinkedIn connections by queuing up this post:
For years, people have proposed changing the name of internal audit. Some departments have changed their name. If you have/were going to call internal audit by a different name, what would it be?
I thought it would stimulate a little conversation, and that I would receive a handful of ideas that would help me better understand contemporary thinking on the topic. I was not prepared for the overwhelming response. The post has been viewed more than 28,000 times and has garnered more than 250 reactions or comments. Even though I was grateful to all of the respondents, I was very careful not to weigh in on the discussion, or tip my own thinking. In the end, the 143 comments and suggestions for new names offered valuable insight on this timeless question.
It should be noted up front that 20 respondents didn’t take the bait. They did not believe there is any reason to change the name, and some felt that it would be a step backwards for the profession. The rest either felt strongly that we should change the name, or offered a name they would choose if they could no longer be called internal audit. In all, 45 unique names were offered for the internal audit function (although many were very similar).
- The most popular choices were:
- Assurance and Advisory Services
- (Corporate) Audit Services
- Risk Assurance (and Advisory or Consulting)
- Management Assurance
- Internal Controls (Audit/Assurance)
The most common words in the new titles were:
- Assurance – 16
- Corporate/Business/Enterprise – 14
- Advice/consulting – 12
- Audit – 11
- Risk – 5
As I was analyzing the scores of suggestions I received to this post, I began to notice a fascinating trend. The words that appeared most often in the suggested new names for internal audit were in fact not new at all. The names being offered for internal audit were often just repackaged terms out of The IIA’s globally recognized definition of internal audit:
Internal auditing is an independent, objective assurance and consulting activity designed to add value and improve an organization’s operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes. (emphasis added):
In fact, more than 75 percent of the proposed “new” names for internal audit drew one or more of their terms from the current definition. So what should we make of these results? My take is that any concerns are more about branding than definition. There doesn’t appear to be as much concern about who we are and what we do as there is about how we present ourselves or how we are perceived.
I have always been very comfortable with how internal audit brands itself in an organizational context. Calling a company’s internal audit function “Corporate Audit Services” or “Risk Assurance” makes perfect sense to me. As one respondent noted, the Big Four firms don’t call themselves “the external audit firm,” so why should we be constrained in every instance to calling ourselves “the internal audit department?”
The brand name for the internal audit department doesn’t define what it does. As long as the internal auditors who comprise the branded departments conform to professional standards, we should all applaud their efforts to enhance their brands. I believe it denotes a level of creativity and flexibility within our profession that we don’t see enough.
Finally, some of the respondents were clearly having fun with my question. I will close by sharing some of the more humorous/creative suggestions for internal audit’s name:
- Protectors Of The Realm
- The “CYA” Department
- Friendly Fire
- Mirror
- Domestic Assurance
Come to think of it, I kind of like “Protectors of the Realm.”
Please share your thoughts on my views or other suggestions for a new name for internal audit.
7 Comments
Richard, first I’m so glad you are being more open to new ideas…always a challenge but also always worth the effort. I 100% believe that the new name changes are more about the brand than a comment on what we do…but if there’s anything that I’ve learned over the last few decades in business is that branding matters! Chief Information Officers are now Chief Technology Officers, Chief HR Officers are now People Leaders, and countless more. Interestingly, I’ve always felt that it was the definition itself that needed a bit of re-wording. Lastly, more important than what we call ourselves (I prefer Enterprise Assurance & Advisory), is that we *live* our brand promise…which is to bring value to our enterprises in the way that we uniquely are positioned to! Be well.
Thanks Susan:
Your analogies are on point. This profession has been in evolution since its inception. I fully support those who who bring transformational thinking and action to what we do and who we are.
Regards –
After your post “Should Internal Audit Change its Name?” was published, “Friends of Internal Auditing” WeChat official account published its Chinese translation in time.
In addition to its WeChat official account, Friends of Internal Auditing brings together more than 3,000 internal audit professionals in seven WeChat groups of 500 people.
In response to your question “For years, people have proposed changing the name of internal audit. Some departments have changed their name. If you have/were Going to call internal audit by a different name, what would it be?” We did a survey here.The group’s response was surprisingly strong.
Here is the feedback from the groups:
1. Audit & Legal Department. Many national enterprise are Audit & Legal Department. But I think it is unreasonable to put audit and legal together.
2. Audit & Risk Department
3. Audit & Risk-Control Department
4. Supervision & Audit Department
5. Audit & Compliance Department +1
6. Audit Department
7.Risk-Control & Audit Department +3
8, Risk-control & Audit department, I support this, now the audit department is not only to do the audit, to find problems, but also to carry out risk-control, control the risk in advance, to avoid the further expansion of the loss, become the boss’s financial strategist.
9.It doesn’t matter what it is called, as long as it can control the risk, solve the problems, and add value to the boss, this is what the auditor should do.
10. Suggest replacing “internal audit department” with “compliance operations department”
11. Audit & Supervision Department. Auditing is focused on business and Supervision is focused on people, and neither participates in day-to-day operations to maintain independence
12. Risk-control Department
13.We put Audit and Legal affairs together 18 years ago, and we put Audit and Discipline-inspection-commission together 18 years later
14. Internal-control center
15. Risk-Control Center
16. Supervision Center
17.Oversight & Audit Department
18.Internal audit department is the most appropriate, in a strict sense, internal control, risk control, supervision are not the last line of defense of the enterprise, with the audit function is not the same.
19. Corporate Governance Department
20. Department of Oversight
21. Operation & Compliance Supervision Department
22. Audit Department, Supervision & Audit Department, Audit & Supervision Department, Audit & Internal-Control Department, Risk Management Department.
23. Management & Promotion Department
24.If you call the other, it really becomes the department within the unit, and the independence is not guaranteed.
25.If it is not called the internal audit department, it is neither characteristic nor accurate.
26.We call it the Audit Department, plainly and simply.
27.From the Audit Department into the Oversight & Audit Department
28.What we do is, The Inspection Department and the Audit Department were merged. Previously, the Supervision Department was responsible for supervise and handle, including but not limited to asset acceptance, handling complaints and other work.Now one department, two teams, do their own work, do not interfere with each other.This is currently our internal audit can do, to ensure that the internal audit is relatively independent of the maximum limit, feel that we are marginalized.
29.Add modifiers in front of the audit, there is a weakening of the audit, The government is advocating the full coverage of the audit.
30.Risk & Control Audit Department, Legal & Audit Department, Audit Department
31. Dongchang(The secret service of the Ming Dynasty in China. –translator)
32.the Audit Office, Audit Room, Audit Center and Internal-Control Center
33.Legal & Audit Center
34.Military Intelligence 6
35.It is called the Audit Department at the headquarters, and the Internal-control Department at the grassroots level
36.Jinyi Wei(The secret service of the Ming Dynasty in China. –translator)
37.Royal doctor(imperial censors of Ancient Chinese. –translator)
38. Inspector officials(Official posts in ancient China. –translator)
39.On His Majesty’s Secret Service
40.To be low-key, So, In private, I called myself into the underground party.
41.Recently, we also changed into theSupervision & Audit Department, but soon found that Discipline Inspection also has the function of supervision.
43. In state-owned enterprises,Most of the functions of supervision are assumed by the Discipline Inspection supervision
I missed the question on LinkedIn but glad to contribute here after reading the analysis. For me, internal audit works just fine and I am proud to be called an internal auditor. I believe what is lacking and has been for a long time is appreciation of what internal audit is all about. Many, particularly audit clients, still associate the role with negative ramifications. Changing the name won’t change that and internal auditors should be more concerned about changing the perception about what they are all about, then and only then can a name change make sense. I would therefore surmise to reflect on why a name change is necessary. If it’s “to avoid what some view as a negative stigma associated with internal audit”, as you correctly suggest Richard, then more than just a change of name is required.
I totally support it! Words have meaning. Branding matters.
It is remarkable, this rather valuable opinion
In my experience so far as an Internal Auditor, I have seen process owners getting worked up from the word go in case of a new internal engagement. It was very surprising for me initially when I thought the about the reporting lines and our role to add value to our stakeholders. Why then was there so much resistance among teams? Only with experience I realized that the approach adopted traditionally by auditors was to keep these process owners on lines of fire in case of any shortcomings observed during the audit. The approach was heavily biased on fault finding than actual value creation. Which is when I started going out and having a conversation with all my process owners regarding the real reason behind the audit. And I feel more than the re branding we need to step back and re approach the issue from the perspective of value addition, positive assurance and handholding. Just think of the synergies we can create if the process owners cooperate during audits.