Winston Churchill said “To improve is to change, to be perfect is to change often.” Every new year brings with it this renewed opportunity ‘to improve’ and get closer to perfection.
Most professionals set forth goals for the new year; perform better at their jobs or pick-up new skills along the way. Internal Auditors are no different. In a constantly evolving function such as Internal Audit, it is imperative that one always stays ahead of the game.
There are certain goals that apply to the Internal Audit profession. These are:
1. Build strong relationships with all stakeholders
Managing stakeholders is key to the success of an Internal Audit function. From the audit committee to individual process owners, internal audit deals with a number of key stakeholders. As mentioned in the article Working with Stakeholders, regular communication with stakeholders is critical in building trust and in highlighting the value of the function. Simple initiatives such as putting together an intranet/internet website with useful corporate governance and risk management measures could go a long way in demonstrating the function’s commitment to the company.
2. Be more vigilant about cyber risks
In a survey conducted by The Institute of Internal Auditors, more than 70% of respondents consider the risk of a data breach to be at least moderate. Successful companies are attractive targets for organized criminals and motivated hacktivists who are looking to steal valuable intellectual property and other sensitive information. Cyber security is all too often thought of as an IT matter rather than a business-wide strategic risk management issue. Internal Auditors can take the lead and deal with cyber threats facing businesses by performing more comprehensive risk assessments to identify and prioritize critical information assets. Further, including IT security personnel in the IA team and conducting more cyber security training sessions can improve the quality of IT audits performed.
3. Aim to roll out more value-add projects and operational audits
The best way to understand what value-add services the Internal Audit function can provide is by asking the stakeholders. Some of the important services that the Internal Audit function can provide are evaluating new technologies adopted by the company, laying down efficient fraud detection programs and analyzing the effectiveness of the company’s existing policies and procedures. Operational audits could be an effective way of adding value to the organization by focusing on areas such as supply chain optimization, offshoring, talent mobility, innovation, and cloud computing.
4. Streamline audit with technology
Technology is the biggest enabler of positive change in the organization. It is no more a question of ‘if’ the internal audit function needs to adopt a software but rather a question of ‘which’ software to implement to better serve the organization. There are plenty of software solutions in the market that offer a range of solutions for GRC, Internal Audit, Sarbanes Oxley etc. It is necessary to understand the specific compliance requirement to be satisfied, the complexities in the organizational structure and then, select a software that best fits the company’s internal control environment. AuditBoard is one such solution for Sarbanes-Oxley compliance that has been successfully accepted by many public companies in the US.
The core message for internal auditors is to ‘look at the big picture’ and explore different avenues to add value to the organization. Having an in-depth understanding of operational dynamics and strategic objectives of the business, while maintaining healthy relationships with the key stakeholders, will enable internal auditors to successfully achieve their goals for the new year.
Daniel Kim, CPA, is co-founder of AuditBoard. Formerly global head of audit for two multibillion-dollar public companies, Daniel leverages his 15+ years of audit, risk, compliance, and SOX program consulting with hundreds of pre-IPO and public companies to deliver modern solutions for today’s corporate audit needs.