10 Most-read Blog Posts of 2020 About “Internal Auditors” From Mr. Richard Chambers
Five Internal Audit Resolutions for 2020 and Beyond-BLOG#1
By Richard Chambers, President and Chief Executive Officer of The Institute of Internal Auditors
Loyal readers of “Chambers on the Profession” know that the first blog post of the year traditionally offers five New Year’s resolutions for internal auditors. 2020 year’s list leverages heavily what we learned in 2019 to better position internal audit and our organizations to succeed.
The IIA published two landmark reports in 2019 that offered new and unique insights about risk management and sound organizational governance — and the role internal audit should play in supporting both.
- OnRisk 2020: A Guide to Understanding, Aligning, and Optimizing Risk presented a singular look at how the board, executive management, and internal audit align on managing key risks.
- The American Corporate Governance Index (ACGI) provided a governance report card on publicly traded U.S. companies.
While The IIA prepared both reports primarily for its members in America, I am confident that the themes that emerged have global applicability.These reports offer a wealth of data that supports audit planning and effective risk management. They also helped shape my thoughts about resolutions for the New Year. Therefore, without further ado, here are five internal audit resolutions for 2020 and beyond.
1-Speak candidly with the Board about the organization’s true capacity to Manage Risks.
I believe one of the most valuable findings of the OnRisk 2020 report is that boards are overconfident and generally perceive higher levels of maturity in risk management practices in the organizations they oversee. This should raise serious questions about whether boards have realistic views on key risks and the organization’s ability to manage them.
Internal audit cannot defer to others the need to correct any misperceptions that may exist. Whether speaking through the audit committee chair or directly to the board, chief audit executives should begin a dialogue on this issue. It is important to position this conversation as one where internal audit offers its insights and advice about the organization’s risk management alignment, and not point fingers at those to blame for any misalignment.
2-Assess the Organization’s Sustainability Risks, and discuss with Management and the Board.
The publication of the ACGI in December by The IIA and the University of Tennessee’s Neel Corporate Governance Center was long overdue. I have come to believe that corporate America’s indifference to sustainability is itself not sustainable. However, there is room for optimism.
There is growing realization among corporations about the importance of sustainability, especially as investors increasingly tie their financial support to organizations that can show long-term value creation, and not just short-term gains. Internal audit must take advantage of this by understanding and assessing sustainability risks, including the accuracy of sustainability reports that address an organization’s economic, environmental, and social impacts.
3-Enhance how we tell Internal Audit’s story.
One of the biggest challenges practitioners face is showing stakeholders how internal audit adds value. As discussed in the previous resolution, corporate leaders often focus on short-term goals and immediate risks. They may not appreciate the value that independent assurance and an organizationwide perspective offer over the long term.
As we head into the new decade, recession is the No. 1 risk concern cited by CEOs globally, according to the Conference Board’s 2020 CEO Challenge survey. If there is an economic downturn, executive management undoubtedly will look for ways to cut costs. This is why we must show internal audit’s value before the belt tightening begins. There is no downside to being more articulate about how internal audit adds value.
Therefore, our goal must be to improve how we tell our story. Two quotes are appropriate here. Harvard University professor Howard Gardner calls stories “the single most powerful weapon in a leader’s arsenal.” This means we need to be clear and compelling in how we make the case for internal audit adding value. The second quote comes from entrepreneur and marketer Seth Godin who says, “Marketing is no longer about the stuff that you make, but about the stories you tell.” Ultimately, the “stuff” internal audit makes improves organizations, but that won’t matter if we don’t enhance how we tell our story.
4-Improve our use of and credibility around RPA and AI.
Corporate boards and executive management that understand technology can improve operations, provide a competitive edge, and influence strategy. Internal auditors must show our stakeholders we can adopt and adapt technology to improve the work we do, as well.
Robotic process automation (RPA) and artificial intelligence (AI) are working their way into internal audit processes, but the pace has been slow. Just 19% of functions report using RPA and 17% use AI, according to Protiviti’s 2019 report, Embracing the Next Generation of Internal Audit. What’s more, no other next-generation technology, including continuous monitoring, Agile auditing, and advanced analytics, top 30% adoption rates.
Simply put, we must do better.
5-Hone in on risks related to data ethics.
As the use of data by organizations increases, so will the risks associated with how it is gathered, managed, used, and protected. It is inevitable that regulation on data will evolve. Indeed, public scrutiny on organizational conduct relating to data is increasing.
For these reasons, internal audit must step into a leadership role in educating stakeholders on risks related to data ethics. We can start by encouraging management to develop guideposts that measure whether the organization’s use of data aligns with risk tolerance, and then provide assurance around adherence to those guideposts.
,The new year offers significant opportunities, as outlined in these five resolutions. If we can embrace them and make steady progress, our 2030 vision of becoming universally recognized as indispensable to effective governance, risk management, and control can be attained.
Copyright 2020 – Richard F Chambers and The Institute of Internal Auditors. Article was orignally published in Jan 2020 at ,The Institute of Internal Auditors website iaonline.theiia.org/blogs.
About author:
Mr . Richard Chambers Serve as the Global President and CEO of The Institute of Internal Auditors (IIA), representing 195,000 members in 170 countries worldwide. The IIA is the internal audit profession’s global voice, chief advocate, recognized authority, acknowledged leader, and principal educator. Serve along with the Chairman of the Board, as the chief spokesperson and advocate on behalf of the global internal audit profession.
Direct more than 200 professional staff at the IIA Global Headquarters in achieving the agreed-upon strategies and objectives on behalf of the North American and Global Boards of Directors.
Over almost 10-years as the Global CEO, The IIA has achieved unparalleled growth and progress, including record membership, more than 100% increase in gross revenues, and a 800% increase in net assets. As CEO, directed the launch of the Audit Executive Center, the Certification in Risk Management Assurance, Internal Auditor Online, the AuditChannel.tv, and the American Center for Government Auditing. Serve concurrently on the COSO Board of Directors and the International Integrated Reported Council. Recognized by the Orlando Business Journal as “CEO of the Year” honoree in 2016.
Author of two award-winning books: “Lessons Learned on the Audit Trail” in 2013 and “Trusted Advisors: Key Attributes of Outstanding Internal Auditors” in 2017.
- “The Compass and the Radar”- Decode the Big picture and Increase your Value - July 1, 2021
- Bitcoin Mining Energy Consumption - June 26, 2021
- What Pirates Have To Teach Us About Leadership - June 15, 2021
Audit risk is fundamental to the audit process. Above article clarify risk base approach in order to minimize the chance of giving an inappropriate audit opinion