They represent industries as diverse as banking, manufacturing, consulting, media, energy, and government. Their careers in internal audit range from barely a year to almost a decade. And they hail from the United States and Canada, plus nations as varied as Russia and The Bahamas. But they have a great deal in common as well. They’re all active in IIA chapters and institutes, for one thing. They also like to create new risk analysis tools, co-author articles on the intricate details of their areas of expertise, and lead global internal audit projects for major international corporations. And their colleagues say things about them like, “took initiative to go above and beyond,” “consistently establishes himself as a key contributor and leader within the department,” and “represents a bright future for our profession.” They are recognized as this year’s 20 Under 30 by Ia magazine. Some got their internal audit feet wet while still in college, while others actually started in different divisions at their companies and transferred to internal audit as a career move. Many of them credit mentors with giving them the tools to become successful in their careers, and every single one of them has distinguished himself or herself by tackling problems head on, becoming the go-to person for a particular issue, and promoting the internal audit profession through word and deed. These young auditors never seem to stop — to stop learning, to stop growing as internal auditors, or to stop giving back to the profession through work in their communities and in their local IIA chapters. They’re technology-savvy and are helping to shape the internal audit profession of the future, not as a box-checking “department of ‘no,’” but as a trusted, valued, and value-adding consulting function within their organizations. As a result, the future looks exceptionally bright for internal audit.
For pictures of the "20 Under 30," see Internal Auditor's Digital Edition.
How They Were Chosen
Who more qualified to choose the most promising young auditors than those who were once in their shoes? Members of The IIA’s American Hall of Distinguished Audit Practitioners graciously volunteered their time to review the many nominations Ia received and choose who they felt represent the best and the brightest of the next generation of internal auditors.
Cynthia Cooper, CFE, CPA, president of the Cooper Group LLC, is best known for blowing the whistle on fraudulent accounting practices at WorldCom while serving as the company’s chief audit executive. She was subsequently named one of Time magazine’s Persons of the Year in 2002. She is a frequent speaker at IIA events.
Stephen Goepfert, CIA, CPE, CRMA, vice president of audit at United Airlines, has held numerous IIA volunteer positions including 2006-2007 chairman of The IIA’s Global Board of Directors. He is a frequent presenter at IIA conferences and chapters around the United States.
Ralph Purpur is the former vice president for auditing at Estee Lauder and has been a member of The IIA for more than 40 years. He has served on various committees at the local, regional, and national levels. He continues to volunteer with The IIA through conferences and education.
Glenn Sumners, PHD, CIA, CPA, is founder and director of the Louisiana State University’s Center for Internal Auditing. Sumners has written numerous articles on the profession, serves on Ia’s Editorial Advisory Board, and is a consulting professor for The IIA’s Academic Relations Department.
William Taylor, CPA, CGFM, has been involved with The IIA for nearly 30 years in a variety of roles, including chairman of The IIA’s Global Board of Directors. He retired from the Inter-American Development Bank in 2004 after 41 years in internal audit. He continues to volunteer his time with The IIA.
Nathen Simon, CIA, CGAP, CFE
Internal Auditor, Government of Canada, Age 27
In just six years, Nathen Simon has gone from co-op student to full-time auditor to project leader with as many as five team members under his direction. He’s recruited and coached new co-op students, and his commitment to that program was recognized when he was nominated as a “Co-op Employer of the Year” in 2012 by Carleton University. “I have been very fortunate to work in an environment that fosters success through training and teamwork,” the Ottawa University graduate says, “and have had great mentors and supervisors who challenge me to do my best. I’ve also had great team members who support me as an audit project lead in completing projects.” In fact, the first project he led by himself ranks as his proudest achievement so far, he says, in part because it was accepted by the audit committee on the first presentation. “I was involved with this engagement from start to finish,” he reports, “where I managed internal auditors and consultants and interviewed and challenged the status quo of our senior executives.” Using what a colleague calls “innovation and creative thinking in the way we conduct internal audits,” he suggested, as part of a governance audit, the use of an online survey tool to solicit information from senior management, allowing him and his team to obtain important details while minimizing the impact on their schedules. In a separate review of hiring practices, he developed an innovative test for assessing previous relationships between hiring managers and contractors, and, to facilitate the efficiency of all of his projects, he instructed his team to validate individual findings from their file reviews on an ongoing basis as a best practice. “Don’t be afraid to try something new or attempt a challenging engagement,” he says. “This will allow you to develop your own internal audit skills toolbox that you can use to market yourself and add value to any organization.”
Rachel Bond, CIA
Consultant, Deloitte & Touche LLP, Age 25
When it comes to her professional life, Rachel Bond has a motto: “True success is helping other people succeed.” She’s benefitted from that herself — and acted on it as well. “I know from personal experience that the advice and counsel of someone with more experience who takes a vested interest in your success — a mentor — can make a huge difference.” she says. While in college, in fact, she started her quest to learn from, and impart wisdom to, her fellow internal auditors in the making. The Louisiana State University graduate was the internship coordinator for the school’s Center for Internal Auditing, an IIA Internal Auditing Education Partnership (IAEP) Center for Internal Auditing Excellence. “That role gave me the opportunity to interact with students, practitioners, and recruiters while I was still in school,” she points out. “I was able to acclimate to the profession through these networking experiences, giving me a great start to my career.” At the same time, she got involved with IIA activities, serving as a student liaison in the Baton Rouge Chapter. Now, the 2011 Esther R. Sawyer International Award winner is an active member of The IIA’s New York Chapter, serving as Academic Relations Committee chair and assisting with its large events such as a recent joint conference with ISACA’s New York Metropolitan chapter and its Annual Audit Seminar, each attended by more than 200 internal audit professionals. And at work, she endeavors to share the understanding internal audit has of an enterprise’s operations by enhancing the perception of the profession as a value-adding function. “The focus,” she says, “is evolving from controls to risks to governance into an integration of governance, risk, and compliance. A great example is the current hype around big data and analytics. The profession should be at the front of this wave, using its expertise to lead the change.”
Kayla Carter, CIA
Manager, Protiviti, Age 28
“I believe the most successful internal auditors are first and foremost creative and critical thinkers,” Kayla Carter comments. “Generally, our clients come to us when it is time for a change; something isn’t working as it should or perhaps it could work better. It is up to us to innovate and develop unique, customized solutions to help them protect their assets and maximize their success.” She practices what she preaches. In addition to detailed documentation and testing of business processes and IT controls, she has helped clients develop top-down risk management approaches by doing just that in a number of what a colleague calls “unique experiences.” For example, she conducted third-party media buying contract reviews for an international retailer, which resulted in a cost recovery of US $250,000; assisted a pharmacy benefits management client with an external quality assessment of its internal audit department as prescribed by The IIA; completed a feasibility study of an international toy company’s legacy IT system performance to determine operational sustainability options for its upcoming peak production season; and performed a series of loss prevention audits for a national electronics retail chain during its liquidation process. In addition, she has collaborated with enterprise risk planning software implementation teams during the security and controls design phases of multiple SAP, Oracle, and Oracle Retail implementations and, most recently, served as the regional security and controls team lead for an international SAP deployment, working to deploy more than 7,500 users so far. As a result, the Pittsburg State University graduate was recently awarded an early promotion to manager at Protiviti in Overland Park, Kan.
Seth Peterson, CIA, CRMA
Internal Audit Manager, MetaBank, Age 28
Seth Peterson knows the value of learning from more experienced, wiser colleagues. The Buena Vista University graduate — who just completed his course work toward an MBA from The University of South Dakota — says one of the keys to his success is his boss, Joel Baier. “He’s been a great mentor,” he says. “He has constantly challenged me with new responsibilities and granted me the autonomy to make decisions and solve problems, and he’s been my top supporter in success or failure.” The relationship has been so productive, in fact, that Peterson challenges new internal auditors to gain knowledge in the same way. “Learn as much as you can from as many people and sources as you can,” he advises. “A mentor can go a long way in your development.” One of the ways he puts what he’s learned to use is by using data mining and analytic techniques in each audit he performs to target samples and analyze large volumes of transactions. Colleagues say he works “diligently and with creativity” in an industry sector where there’s not a lot of guidance to tap into — prepaid cards. He gives back through his work with IIA–Sioux Falls, where he has served on the program committee for three years, served as vice president in 2012, and is now president. Under his leadership, monthly meeting attendance has jumped by almost 30 percent, the chapter was recognized as a Chapter of Excellence for its promotion of the CIA Learning System, and it has attained Gold Chapter status for 2012–2013. Peterson also was chosen to serve on The IIA’s Chapter Relations Committee as the district representative for Midwest District No. 3.
Khristi Ferguson, CIA, CPA, CA, CFE
Director of Internal Audit, Ministry of Finance, Bahamas, Age 29
Khristi Ferguson is working to move the internal audit profession forward. She’s been recognized by her peers and superiors for her efforts to increase the awareness and importance of internal auditing — and for her work in the development of quality internal auditors under her leadership. One of the youngest directors of internal audit in the Bahamian government, she’s credited with assisting her employer in implementing and enforcing key policies and controls that were either nonexistent or not enforced before her arrival. Since her appointment, she has introduced IT auditing as a new service line. And, a former colleague says, she’s raised the standards and goals of the unit through the implementation of The IIA’s International Professional Practices Framework and conformance to the International Standards for the Professional Practice of Internal Auditing (Standards). The Missouri State University graduate has accomplished this in what other people working in it acknowledge to be one of the tougher climates for internal audit. “It is well known that within a government organization, control deficiencies are potentially high and so is bureaucracy,” a former colleague points out. “Addressing such deficiencies requires constant communication with those charged with governance, along with the necessary support.” Ferguson also focuses her skills on the next generation of internal auditors. “I am most proud of being able to contribute to the profession through the development of the internal auditors under my charge,” she says, “as well as the future minds of internal auditing. It is one of the most rewarding experiences, to participate in the development of another individual. It requires much more than the memorization and regurgitation of the Standards.”
Michael Cook, CRMA, CISA, ITIL
IT Audit Manager, State Street Corp., Age 27
The future belongs to the technology literate, and especially to those who understand it and who can talk about it in nontechnical terms to people who don’t. That’s Michael Cook in a nutshell. In fact, he credits his success to his ability to align his technical IT aptitude with his communication skills. “As is true with all auditors,” he says, “IT auditors must be very perceptive and have strong communication skills; however, a successful IT auditor also will possess a unique IT skill set.” Moving forward, he explains, “more audits will be performed in an integrated fashion, bringing business and IT auditors and skill sets together for single audits. Business audits will become increasingly dependent on technical controls to secure large amounts of data, and data analytics within audit departments will become a very important driving factor in the internal audit review process.” In that vision of the future, auditors from different disciplines will need to be able to talk to each other. Indeed, he advises students with designs on a career in the field to beef up their public speaking skills. “It will be far more important to be able to speak in laymen’s terms about highly technical issues than to speak in a highly technical language with other subject matter experts — because more likely than not, your clients will come from a different field of expertise than you.” The Florida Institute of Technology graduate has put that philosophy to good use, earning three consecutive promotions, two excellence awards, and many “above-and-beyond” awards through peer nomination. He’s one of the youngest IT audit managers ever employed by Boston-based State Street, and holds the record for fastest promotion to manager in the IT audit department.
Katie M. Houston, CPA, CFE, CLEA
Supervising Senior Auditor, City of Austin, Texas, Age 27
Katie Houston, the newly installed supervising senior auditor for the City of Austin, Texas, focuses on her communication strengths. “Increasing global connectivity will radically alter the way we distribute critical information,” she says. “People can access countless audit reports from around the world in a matter of minutes.” But she recognizes the responsibility that accompanies that development, noting that it requires auditors to “be more diligent about selecting the right audits to do, the most important risks to address, and the best way to present information so it is useful to all report readers.” The St. Edward’s University graduate, who recently transitioned from a position with the Texas Department of Public Safety (DPS), relied on her expert communication skills when she led a complex audit of that agency’s fuel management practices and recognized a control environment that was, as a colleague put it, “fraught with challenges.” She worked with her team to re-evaluate and refine the audit approach and identified numerous control deficiencies resulting in significant enhancement and transformation in the agency’s approach to fuel management. When her department at DPS doubled the number of internal auditors in a year, she was a key player in hiring, training, and mentoring those new hires, specifically focusing their efforts on not just compliance audits, but on internal control testing and conducting high-quality performance audits. “Be confident enough to share your knowledge with others,” she says. “You have thoughts and ideas that may be just the solution others are searching for.”
Eric Gavel, CIA, CPA
Senior Internal Auditor, Raytheon Co., Age 25
Eric Gavel is, as a colleague calls him, a true innovator. Through risk capture, gap analysis, and controls knowledge, the Northern Arizona University graduate challenged his company’s audit planning approach by creating a new risk analysis tool in his first full-time audit engagement. And in his short tenure as a professional internal auditor, he has already founded and led an internal audit SAP integration team to maximize his department’s use of business systems to enhance data analytics, customer satisfaction, and audit effectiveness. “I believe in taking an innovative approach to problem-solving without losing sight of the big picture,” he says. “I try to use all of the tools and resources at my disposal and continue to build that tool set through networking and continuous learning.” Working at the company’s Dallas office, Gavel also is credited for pioneering Raytheon’s internal audit approach for assessing compliance with increased contractor business systems oversight: a fast-paced review of system requirements and limited control testing that provides management with a quick turnaround and impactful recommendations. “Push yourself and always look for the next challenge to conquer,” he says. “Make yourself comfortable in uncomfortable situations, never become complacent, and maintain your relevance through continuous learning.” At the same time, though, he emphasizes that he never loses sight of his responsibilities to his family, which includes his wife and two sons.
Matt Harrell, CIA, CISA, CFE
Senior Auditor, AutoZone Inc., Age 27
Matt Harrell is the very model of a modern internal auditor. “External expectations of the work internal audit does is on the rise,” he says. “It’s all about what business management expects from the function — and not just related to compliance and Sarbanes-Oxley. Management wants and needs creative recommendations that can be provided by the internal audit function.” And it needs to know that internal audit stands by what it says and does. “You need to know when to be flexible and when to stand your ground,” he emphasizes. “Being flexible doesn’t mean being a doormat for management; it means showing a willingness to gain alignment to achieve a common goal.” The Christian Brothers University graduate has put his forward-thinking approach to good use. One of his first tasks at AutoZone was to help insource an internal audit function — “not just bringing people into internal audit,” as he puts it, “but bringing them into the company.” As a colleague describes it, his “commitment to the department, understanding of risk and control, and championing of the intern and new hire recruiting process has allowed the department not only to grow rapidly, but to flourish.” Specifically, a colleague cites Harrell’s “ability to understand the business, put auditees at ease, and illustrate out-of-the-box, holistic rationales.” He even applies this focus to his work with The IIA’s Memphis Chapter. One of his recent projects involved modernizing the continuing professional education (CPE) acknowledgement process from paper certificates distributed at monthly meetings to electronic certificates distributed via email after attendance rosters have been verified, an improvement credited with reducing CPE processing time, eliminating undue paper usage, and ensuring the integrity of the CPE process.
Senior Internal Auditor, Houghton Mifflin Harcourt, Age 25
Teresina “Terra” Fusco focuses on the big picture, and on the totality of expertise internal audit can bring to an enterprise. “It is important for internal auditors to be perceived as a resource and an ally to individuals and departments within the organization,” she states. “Taking the time to build the trust and respect of key individuals in the business has been instrumental to my success.” Being able to understand the big picture and know how each process fits in with the rest of the organization has also been important. “Internal audit is inherently a risk and control function,” she adds, “but we also can help a lot of departments gain efficiencies by streamlining their processes — as long as we are able to understand the processes as a whole.” A colleague explains that in the most challenging situations — those that typically strain or damage relationships — she builds relationships and gains trust and credibility as a result. Fusco put that skill to good use at Houghton Mifflin Harcourt, where she assisted a growing internal audit department with the onboarding of new department hires at all levels, including management. Fusco is passionate about giving back to the profession through coordination of IIA awareness events at various Boston-based universities. It all comes down to believing in internal audit, the Northeastern University graduate points out. “I was initially very hesitant to voice my concerns or opinions on matters relating to the projects to which I was assigned,” she says. “By learning to speak up when I felt as though items were being overlooked, I was able to gain the respect of my colleagues both in internal audit and in various departments within the organization — and to become an influential team member and someone who key stakeholders trusted far sooner than I had ever imagined.”
Jade Lee, CIA, CMA
Manager, Audit Services, Precision Drilling Corp., Age 26
Jade Lee had an “aha” moment, and it turned out to be the turning point that led to her success. What was it? “The moment I realized that I ‘got it,’” she says. “Internal audit is not a career for everyone. Some people go years doing this as a job and never truly see the big picture.” It’s simple enough to complete tasks and fill out spreadsheets, she explains, but hard to teach a way of thinking or a way of seeing things. “I have always wanted to learn everything, to know everything, but it wasn’t until that moment when the light bulb went on and I saw internal audit for what it is — its intentions, capabilities, and possibilities — that I was able to ultimately succeed in my career.” It wasn’t an easy path. Internal audit was a completely different world for her and, she says now, she had no idea what the career entailed or what its purpose was. So she took three of the Certified Internal Auditor (CIA) exams in two months and earned her first designation, which, she comments, really pushed her to commit to the career and to continuous learning. The University of Calgary graduate has displayed that commitment in many ways, among them by leading the risk assessment and annual audit plan creation for Calgary-based Precision Drilling Corp.’s Internal Audit department. Her successful integration of the organization’s enterprise risk management process with her department’s audit universe has led to increased efficiency and acceptance of the planning process, and she was recently appointed the subject matter expert for audit, compliance, and risk in the implementation of a comprehensive integrated GRC software solution for the firm because of her extensive knowledge of how the three processes interact.
Brian Kistler, CIA, CRMA, CPA
Senior Staff, Crowe Horwath LLP, Age 26
Brian Kistler credits his success to his commitment to continuous learning. “Whether through observing the soft skills of colleagues, focusing on The IIA’s professional standards and certifications, or investing the time to learn emerging trends or technical areas, being proactive in developing new skill sets has played a significant role in my accomplishments,” he says. One of those accomplishments required him to learn a lot in a very short time. Soon after joining Crowe Horwath, Kistler was asked to assist on a project to develop an audit program for banks to follow to meet the requirements of the U.S. Federal Deposit Insurance Corp.’s loss-share agreements (LSAs). The assignment required him to get to know the terms of the LSAs in tremendous detail and to understand the operational components and accounting requirements relative to the loss-share process. He did that and more, and now is viewed as an expert on the subject. According to a colleague, even though he’s now at the senior staff level, managers and partners bring their loss-share compliance questions to him. He even co-authored an external article and an internal white paper on the topic. Internal auditors who want to learn on the job are wise to observe others, he says. “Pay attention to the behaviors of respected colleagues and others in leadership positions and observe how they conduct themselves,” he advises. “Identify the positive characteristics they exhibit and try to incorporate those aspects into your own routines.”
Alexandra Kirsanova, CIA,
Head of Internal Audit and Control, ERGO Russia, Age 28
In the space of just seven years, Alexandra Kirsanova went from internal audit intern to chief audit executive, and a former colleague describes her as “one of the brightest and the most enthusiastic internal auditors in Russia.” In fact, she’s in the first wave of professional internal auditors in that country. “I consider a key factor of my success my readiness to assimilate a new profession when it was in the process of active formation,” she explains. “In the Russian Federation, the internal audit profession is rather young, and the local institute of The IIA was only established in 2000.” For her own professional development, then, it was necessary to “travel extensively all over the country to be engaged in internal audit projects, study hard and pass the IIA certifications exams, find ways to gain worldwide experience, and, of course, be ready to learn from my own mistakes.” She says she believes in passing that knowledge on, too, both inside and outside her organization. She participates in various activities of IIA–Russia, for example, by making presentations at meetings and taking part in roundtables. “It is especially important that she promotes the internal audit profession not only in Moscow, but also in outlying regions,” a colleague says, including the Nizhny Novgorod and St. Petersburg areas. Her proudest achievement, she says, is the success enjoyed by the internal auditors she’s trained. “The majority of them previously had no experience in internal audit, compliance, or risk management,” the Moscow State University of International Relations graduate says. “I am proud that they achieve professional success, pass IIA certification exams, and move ahead on their career paths.”
Michael Levy, CRMA, CISSP, CISA
Senior Consultant, Deloitte & Touche LLP, Age 27
Knowing what needs to be done doesn’t help much if you can’t communicate it to the people who need to do it, and nobody understands that better than Michael Levy at Deloitte in Philadelphia. He specializes in the design, implementation, assessment, and optimization of business processes and general IT controls, and boasts significant experience in identifying and assessing controls and performing risk assessments, Sarbanes-Oxley Section 404 audits, and IT audits. “An internal auditor’s job is to independently evaluate and help improve an organization’s effectiveness around risk management, controls, and the governance process,” the Rutgers University graduate says. “A key to achieving these objectives is not only the ability to identify issues, but to communicate difficult issues and help determine solutions. One of the most significant keys to my success is my ability to formulate solutions to complex issues and to communicate productively the findings and solutions to both stakeholders and process owners.” He’s put that skill to use as the lead senior consultant on a global internal audit project for a large chemical manufacturing company and in leading the internal control over financial reporting audit for a multibillion-dollar retailer, including development of testing approaches for some of the company’s most complex areas. “The role of internal audit is evolving into a critical component of every successful company,” he notes. “Internal auditors no longer just review financial statement controls; the role has evolved into that of a trusted business adviser who helps lead an organization to success. As the profession continues to grow, I predict this role will become an even larger, more integral part of a company’s ability to drive compliance, operational efficiencies, and overall success.”
Jesse Cohen, CIA, CISA, CFE, CRMA
International Internal Audit Advisor, AutoZone Inc., Age 29
Having had a lot of guidance in his career, Jesse Cohen gives the people who helped show him the way credit for his success. “I’ve been blessed to have a long line of extremely talented and gracious teachers who have taken the time to share their collective knowledge and wisdom with me,” he explains. Clearly, some of their talent has rubbed off. After graduating from the University of Memphis and earning a masters in business administration from Louisiana State University, Cohen went to work as an international auditor, traveling across multiple continents while performing factory operations audits, business unit financial reviews, and fraud investigations. Cohen also was instrumental in developing his previous employer’s first global integrated audit management software platform. At his current post, he led his company’s first Foreign Corrupt Practices Act (FCPA) compliance review and subsequently helped to establish a world-class FCPA compliance program. Cohen has recently taken supervisory responsibility for all audit activities in Mexico and Brazil. He also developed new analytical tools and reports that assisted his team in recovering almost US $13 million in unpaid vendor funding during just one fiscal year. At the end of the day, though, Cohen has learned that balance is the key to a successful career. He offers this advice for the next generation of auditors: “It’s important to maintain an appropriate perspective on your work-life balance. For all its positives, audit isn’t the easiest career in the world … the hours can be long and the demands high. The key is to remember that no one ever looks back at their life and wishes they had spent more time working.”
Stella Hu, CPA, CFA, FINRA Series 7 & 63, FRM
Vice President/Principal Auditor for Corporate Banking and Securities, Deutsche Bank AG, Age 29
Stella Hu has built her present and future on the solid foundation of her past. “The key to my success is growing up in a family dedicated to the core values of integrity, ambition, and diligence,” she says. “Seeing my parents build a small business from the ground up, I witnessed how determination, hard work, and principle lead to success. As I bring these values to the internal audit field, I set expectations and strive to exceed them throughout my career.” And, she adds, “I have learned a great deal from my talented and dedicated colleagues, and have had the support of many mentors, both in the United States and globally, who have encouraged me to pursue my goals and provided opportunities to broaden my professional abilities.” One result of that: The University of North Carolina at Chapel Hill graduate is the youngest vice president in a global investment banking audit department with nearly 400 staffers. Hu’s been promoted three times in the last five years and coordinates staff in New York; Jacksonville, Fla.; London; Hong Kong; and several other international business centers. Now she’s involved in what a colleague calls “a high-profile audit of a commodities business headquartered in London” that involves directing staff there, in New York, and Singapore. She also has made valuable contributions to theme-based audit engagements, such as risk management, payments, and “portfolio margining” by identifying high-risk issues related to payment authentication, collateral management, and valuations. Her professional accomplishments are mirrored in her personal life as well. She is proficient in both Mandarin and Cantonese Chinese and is semi-fluent in French and Spanish, is an accomplished pianist, and has participated in the Royal Conservatory Music program for almost a decade.
Hui Jing Teo, CIA, CPA, CISA
Internal Audit Lead, Hewlett-Packard, Age 28
First and foremost, Hui Jing Teo attributes her success to keeping an open mind. Doing so, she says, “leads me to consider different perspectives of risks and controls, enabling me to make an informed assessment of risk management in the organization.” That’s especially important, she adds, because her company has various teams and organizations that only manage parts of a single end-to-end process. “When providing recommendations,” she emphasizes, “keeping an open mind about the implications of changes also has allowed me to make more actionable recommendations to the organizations instead of high-level suggestions.” Of course, she also values a deep understanding of the technology that increasingly powers the profession. “Companies around the world are becoming more aware of the concept of risks and controls and, as they look to be more productive, there will be greater dependence on IT systems within a company and more network linkages outside the company,” she says. “Many controls we see today might be executed through IT systems in the future, and in the next 20 years the internal audit profession will shift to auditing more IT system-type controls and there might be a blur between the scope of work of an IT auditor and an operational-financial auditor.” Today, though, the graduate of Nanyang Technological University in Singapore busies herself with more traditional internal audit functions. She’s successfully led and executed several complex, large worldwide, regional, and country-level operational and Sarbanes-Oxley audit projects and, according to a colleague, many of her findings have resulted in “impactful improvements to business processes.” She also helped in improving her department’s audit processes. Two examples: She developed standard audit programs for customer discounts and promotions processes for her division, and she assisted in improving the efficiency of its Sarbanes-Oxley assessments.
Hugo Alhinho, CISA, ITIL
IT Auditor, Shell International BV, Age 28
Hugo Alhinho sees tremendous change on the horizon. “The days of planning audits on a rotational cycle of three to five years are gone,” he says. “The dynamism of the business environment is forcing companies to evolve or dissolve, and internal audit needs to keep pace with the business and audit the strategic risks to ensure the evolution is effectively planned and the associated risks are identified, evaluated, monitored, and managed.” That means, in part, he adds, following those changes by conducting investigations and audits to ensure that the organization’s process control framework still represents the right risks and controls. But it also means “anticipating the industry-related risks and ensuring that discussions occur at the highest levels to review the external environment and pre-plan transitions to maintain or enhance market position.” The graduate of ISCTE-IUL: Lisbon University Institute joined Shell Internal Audit at the start of a project to address the company’s “big data” environment through continuous and, where possible, fully automated, substantive controls testing, and his work has delivered what a colleague calls “a step change in the way audits are planned, executed, and perceived globally.” He’s credited with helping to identify exceptions and efficiency gains that were not visible through traditional auditing, significantly improving financial quantification of those exceptions. And he’s assisted in developing a technical infrastructure to homogenize disparate data, facilitating cross-application reporting and thus providing deeper insights into hot spots by location, business, and process. “I see the future of internal audit focusing more on data-driven investigations and audits,” he says. “That will require a different, hybrid skills set with internal auditors required to understand the financial-operational and technological impact of their work.”
Sarah Purkeypile, CIA, CFSA
Audit Senior Consultant, Comcast Corp., Age 29
Sarah Purkeypile says she owes much of her success to her involvement with The IIA — and her willingness to ask questions when others might not. “The key to success is a great network,” she emphasizes. “I quickly developed a network through my work with The IIA locally and across the United States, and have also kept in touch with people I have worked closely with over the years.” She tapped that network for career guidance, ethical advice, best practices, and professional references, and has introduced others when she saw needs, opportunities, and skills that fit together. A colleague says that she’s “the go-to person for training new employees, template development, and engagement methodology expertise,” and notes that, at a former employer, the Texas Tech University grad developed and implemented an internal audit engagement methodology to prepare for a successful external quality assessment. Now, she participates in assurance and advisory engagements from front-line, customer-facing process audits to back-office, revenue-impacting engagement reviews. She also mentors, coaches, and supervises teams in day-to-day activities, status meetings, and strategic discussions with executive management. In her capacity as president of The IIA’s Denver Chapter, she makes presentations to local universities about the internal audit certification processes and the importance of the internal audit profession. “Don’t be afraid to put yourself out there and take chances,” she advises. “You’ll never receive anything you do not ask for!” It’s important to ask for a new challenge when you feel underutilized, she urges, and to ask questions others are afraid to ask. Ask management what it needs to get its job done — and then help connect managers with those resources, she adds. “In short, ask yourself how you can make your organization better.”
W. Brandon Tanous, CIA, CGAP, CRMA, CLEA
Senior Internal Auditor, Texas Department of Public Safety, Age 29
Brandon Tanous is successful because of his desire to learn and his ability to listen — and his zeal for imparting internal audit insights to clients and colleagues. The Texas State University graduate helped transform his agency’s audit shop from what a colleague called “a feared, inspection-based audit group” into a control-based and client-centered audit department known for educating and assisting clients. He mentors and teaches audit staff on the theory and application of audit standards, and educates clients with his self-termed boot camp, “How to Prepare for an Audit,” and courses such as “The Transformation of the TX DPS Office of Audit and Inspection” and “Internal Controls and the DPS Assurance Continuum.” Those presentations — and the people skills he uses to make them resonate with his audiences — have made his audit shop stronger and more approachable to clients. He also has presented courses at the Texas State Auditors Office Conference, The IIA’s Southern Regional Conference, and the International Law Enforcement Auditor’s Association Annual Conference. Last year he co-authored and published a case in the Association of Certified Fraud Examiners’ Bribery and Corruption Casebook: A View From Under the Table. Tanous also leads a team that develops risk and control self-assessments. His efforts, a colleague reports, are building a foundation of risk management in an environment that does not naturally support the concept. Still, Tanous says the professional accomplishment he’s proudest of is obtaining his CIA designation. “The certification process was a long and tedious endeavor that helped establish my credibility to clients and colleagues,” he says. “I feel that obtaining certification took more dedication and attention than any other task that I have faced.”