New Survey: AI is Driving Seismic Changes in Strategic Risks Facing Internal Audit
December 9, 2024The 6th Annual Internal Audit Beacon Awards
December 30, 2024Since launching my website in 2021, I have been blown away by the response from internal auditors and others around the world. A main feature of Audit Beacon is my blog, which I have been writing regularly for almost 16 years now. This year, I was wowed to learn that the blogs attract more than 100K regular readers who have engaged the content more than 600K times since January!
It always fascinates me to see how the most popular posts are those that connect the dots between the concerns and priorities of readers and, by extension, the internal audit profession. This year was no exception.
In 2024, readers gravitated toward subjects that helped them navigate the relationships with their audit committees, prepare for the launch of new global professional standards, and to understand the risks and opportunities that new technologies (such as AI) present to the profession.
With those themes in mind, here are my top blog posts for 2024:
- Where is the Audit Committee When the Head of Internal Audit is Being Fired? This January blog was the most popular one of the year, garnering 20,000 views in the first week alone. In the blog, I explored the troubling issue of audit committees failing to assert their authority when Chief Audit Executives (CAEs) are dismissed, often without their involvement or even knowledge. I recounted a specific case where a CAE was fired without the audit committee being informed, underscoring the critical role these committees must play in safeguarding the independence and effectiveness of the internal audit function. I emphasized that active participation in the hiring and firing of CAEs is essential for ensuring that internal audit remains objective and aligned with its mandate to serve as a cornerstone of organizational governance.
- 7 Things Every Internal Auditor Should Know About the New Standards – The 2nd most popular post of the year was a co-authored piece from February with Patty Miller for AuditBoard. In the blog, we highlight seven key changes in The IIA’s new Global Internal Audit Standards which had just been released. These included a new emphasis on serving the public interest, a more logical and seamless structure, increased prescriptiveness, a focus on strategic planning, enhanced responsibilities for boards, the introduction of topical requirements, and a stronger emphasis on quality assurance and improvement programs. We advised internal auditors to proactively address these changes to ensure alignment with the updated standards.
- 25 Internal Audit Influencers to Follow: In an annual piece that is always popular, I highlighted 25 influential internal audit professionals active on social media, representing 11 countries and averaging over 17,000 LinkedIn followers each. This diverse group includes consultants, audit managers, thought leaders, and authors who contribute significantly to the internal audit profession through their online presence. Additionally, I mentioned organizations with robust social media engagement advocating for internal audit, such as AuditBoard, Chartered IIA UK, and Global IIA. I encouraged readers to follow these individuals and organizations to stay informed about developments in the internal audit field.
- 7 Strategic Risks That Threaten the Future of Internal Auditing – In another January post, I identified seven strategic risks that could undermine the future of internal auditing: challenges in attracting and retaining talent, ineffective use of technology, failure to leverage artificial intelligence, insufficient IT expertise, inability to identify critical risks, stakeholder audit fatigue, and difficulties in recognizing emerging risks. I emphasized that addressing these risks is essential for the profession’s resilience and success.
- For Internal Audit, Complacency is Not a Strategy: In a March post, I emphasized that complacency is a perilous mindset for internal audit functions, particularly in today’s rapidly evolving business environment. I highlight the recent introduction of The IIA’s Global Internal Audit Standards, which now mandate that Chief Audit Executives (CAEs) develop and implement a strategic plan for their functions. Drawing from personal experiences, I recounted instances where a lack of strategic planning led to internal audit departments becoming unresponsive to organizational needs, ultimately resulting in their dissolution. I argued that complacency can create an illusion of safety, leading to missed opportunities and stagnation, and I advocated for proactive strategic planning to ensure internal audit functions remain relevant and effective
- The Art of Deceiving an Audit Committee: In October, I explored how audit committees can be misled through both deliberate misinformation and, more commonly, by the omission of critical information. Drawing from interviews with Chief Audit Executives (CAEs), I highlighted instances where management withheld details on issues like internal control deficiencies, whistleblower complaints, and emerging risks, often rationalizing these omissions to avoid overburdening the committee or due to premature disclosure concerns. I emphasized the importance of CAEs maintaining independence and courage to ensure audit committees receive complete and accurate information, thereby fulfilling their governance responsibilities effectively.
- A Jury Has Spoken: Retaliation Against an Internal Auditors Will Cost You Big! In May, I drew from recent news reports to discuss a significant legal case where a jury awarded nearly $3 million to a former Chief Audit Executive (CAE) of Western Washington University, who faced retaliation after uncovering fraudulent activities. This verdict underscored the severe consequences organizations can face when they retaliate against internal auditors performing their duties. I emphasized the critical role of audit committees and boards in safeguarding internal auditors, urging them to support audit efforts and prevent management from concealing wrongdoing.
- New Technologies Create New Fraud Risks That Internal Audit Can’t Overlook: In March, I discussed how emerging technologies are introducing new fraud risks that internal auditors must address. I highlighted six key areas of concern: deepfake technology enabling sophisticated impersonation, AI-driven phishing attacks increasing in scale and personalization, vulnerabilities in Internet of Things (IoT) devices, the rise of ransomware-as-a-service models, the exploitation of blockchain technology for fraudulent activities, and the challenges posed by quantum computing to current encryption methods. I emphasized the importance of internal auditors staying informed about these developments and implementing robust controls to mitigate associated risks
- Artificial Intelligence: 6 Critical Risks Internal Auditors Can’t Ignore : In February, I discussed six critical risks associated with artificial intelligence (AI) that internal auditors must address: Accuracy and Accountability; Ethical Considerations; Data Privacy Issues; Talent Disruption; Intellectual Property and Legal Risks; and Security Threats. I emphasized the importance of internal auditors proactively addressing these risks to ensure responsible AI integration within their organizations.
- The New IIA Standards Are Raising the Bar for CAEs on Technology Strategies In August, I partnered with Tom O’Reilly for an AuditBoard blog to explore how the new Global Internal Audit Standards elevate the expectations for CAEs regarding technology strategies. Previously, CAEs were encouraged to use technology; now, they are required to develop a comprehensive technology strategy that enhances the internal audit function’s effectiveness and efficiency. This includes regular evaluations of current technologies, implementing appropriate training for audit staff, collaborating with IT and information security departments, and communicating any technological limitations to the board and senior management. We provided a detailed breakdown of Standard 10.3, “Technological Resources,” and offer a five-step guide to help CAEs document their technology strategy, ensuring their audit functions are well-equipped to meet current and future challenges.
Those are the blog posts that resonated the most with you, my readers, in 2024. I hope you benefited from and enjoyed reading them as much as I did writing them.
It is ever-present in my mind that the job of modern internal auditors is complex, challenging, sometimes dangerous, and too often undervalued. This is why I try to make sure every one of my blog posts contains useful information for internal auditors in the field. These top posts, based on their large readership, reflect an eagerness by those who seek to expand their knowledge of the profession and to improve their service to their organizations. That gives me great comfort about the profession and its future.
As always, I look forward to your comments via email to blogs@richardchambers.com or X.
I welcome your comments via LinkedIn or Twitter (@rfchambers).