When I started as an internal auditor back in 1989, the world was different in so many ways. While there have been significant advances in many areas over the past 30 plus years, including in the area of technology, some key pillars of internal audit have not changed. Certainly, the need for strong internal controls is more important than ever before for companies big and small, public or private. So, I thought it might be nice to capture some of my thoughts looking backward and forward in several areas: the role of internal audit, the use of technology in internal auditing, and seeing the internal auditor as a partner and not an adversary.
So, let’s start with the role of internal audit. To be sure, internal auditors have been a part of companies for a long time, but the profession has evolved dramatically over the years. Organizations like the Institute of Internal Auditors (IIA) and Information Systems Audit and Control Association (ISACA) provide great opportunities to train auditors, providing members with resources to take their skillset and the profession in general to the next level. Internal auditors have also evolved to be seen more as business partners and playing a role related to internal controls far beyond just the accounting side of companies. I started in internal audit as an IT Auditor. Back then, it was called “Electronic Data Processing (EDP) Auditor.” We had a staff with five times as many financial auditors as IT auditors, and no one was called an operational auditor. The composition of the internal audit staff has evolved to meet the changing needs of the business now, which allows each audit staff to be seen more as business partners. Internal auditors now play roles as consultants on business software implementations and special projects where controls advice is required—think Y2K (yes, I’m dating myself again, but I played that role). Internal auditors are also used to help evaluate how companies are strategically addressing business risk across the enterprise. The evolution of internal audit does not replace the need for conducting traditional audit testing. Still, it is such a positive sign that companies recognize auditors can play a role much greater and broader than when I started in the profession so many years ago.
I love technology, always have. Going back to my first computer, a Commodore 64, and before that, I was loading cassette tapes to run programs on a TRS-80. My life as an IT Auditor has allowed me to see how technology can be a strategic enabler for companies to grow. In today’s internal audit department, technology allows auditors to test in areas previously unavailable and to test far deeper than the traditional sample size of 30. Technology has also allowed companies to implement stronger controls, automating functions that, in the past, might have been manual and prone to errors (think Segregation of Duties or User Access reviews). As auditors, we can now test some of these automated controls quicker, allowing us to test in risk areas that might be new or that, in the past, might not have had much time dedicated to it in the audit budget.
Technology also has made it easier for our “auditees” to have time to prepare for the annual audit. For instance, these automated tools allow them to collect their supporting documents, reports, and more, to meet the list of Prepare by Client (PBC) items. In days past, it might take weeks to gather supporting documentation for auditors to test. Now, with automated controls, it just takes a few keystrokes to generate the reports out of their GRC (Governance, Risk Management, and Compliance) solutions to produce the audit evidence the internal auditors need to test.
The last item on my looking back (and forward) list is how the role of the internal auditor has evolved to be more of a business partner or advisor. This still may not be the case for some companies, but my experience has been that the relationship between departments and the internal audit staff is much more positive than in the past. I can remember our audit staff joking about needing to put on our “heavy armor” before a closing meeting when we expected it to be a tough one. Those times, for the most part, have changed. Do those still happen? Yes, of course, they do. Still, I would argue that more and more, the internal audit staff is getting requests for assistance on special projects where their input or advice is needed, and not just as part of a specific audit on the audit plan or testing required to meet the needs of the annual audit schedule. This evolution of the internal auditor to more of a business partner as a strategic asset of the company versus an adversary is key to the continuing success of internal audit functions around the globe. When paired with the technology auditors now have access to, I think this sets the profession up to add more value to their companies in the years to come and something I am excited to see.
My last thirty-plus years in the internal audit community have been great. I had the chance to mature professionally early in my career because of the challenges audit provides. I also was fortunate enough to see the growth of technology and how it can assist auditors with more efficient and effective testing and allow companies to better prepare for audits. The evolution of the auditor to a business partner is also something not to be overlooked going forward as the profession continues to evolve.
I look forward to that evolution in the next thirty years and am excited to be along for that ride as well!
Fastpath can help make audits less painful. Fastpath was developed by auditors for auditors. Download our eBook, A Practical Approach: 7 Audit Scoping and Project Management Best Practices to learn how your company can develop the right planning and tools to execute an effective audit program.
Reach out to us to see what Fastpath can do for your company.