Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

Managing Talent to Address Emerging Risks

​Auditors need to shift their attention from traditional ways of addressing risk to a bigger picture focus.

Brian Christensen, executive vice president, Global Internal Audit, Protiviti

Bill Watts, partner and leader of Risk Global Thought Leadership, Crowe Horwath

Comments Views

​What are the biggest risks internal auditors are not currently auditing?

WATTS 1) Technology risk — increasing complexities of cyber threats and the possibility of security breaches, as well as the rapidly evolving Internet of Things; 2) geopolitical and economic risk — fluctuations in oil and other commodity prices, geopolitical conflict, and the rise and fall of emerging markets; 3) evolving corporate reporting — regulators worldwide are looking for more narrative in corporate reporting and more details on the significance of nonfinancial risks; and 4) more complex domestic and global regulations. Companies also need to be aware of emerging global regulatory trends that could be enacted in the U.S. or affect their operations overseas. Examples include the proposed revenue recognition standards and executive compensation disclosure.

CHRISTENSEN The internal audit profession is embarking on new and exciting territory for meeting the expectations of stakeholders in addressing nontraditional risks. Historical bias or repeating the past often results in an audit program focused on financial or operational controls. These remain critical components of a standard risk approach, but they may not address the most relevant or timely concerns. Qualitative and abstract topics such as culture, innovation, digitalization, and geopolitical risk are current examples of audit hot topics. These may not be the ordinary top-of-mind audit risks; however, they are relevant to the boardroom and need to be addressed to demonstrate the value of internal audit. Auditors should embrace the opportunity to measure and monitor these exposures.

How can CAEs quickly bring their teams up to speed on these risks?

CHRISTENSEN Internal audit teams must understand that macro-environmental business, industry, and company risks influence the audit universe. Each of these factors must be considered in assessing and executing audit plans. Internal auditors must be astute in monitoring and gathering the necessary data points to direct their actions. The CAE can be a leader in disseminating facts, but more importantly, teaching team members how to mine for information improves team performance.

WATTS Internal auditors need to pay closer attention to external risks of the organization based on how business is conducted, and recognize the impacts on the organization’s strategy and performance. Auditors can do this by: acquiring the technical skills to audit new reality and risks; knowing and maintaining an understanding of industry and risks — competitive landscape, market drivers, and applicable regulations; using technology and software tools that can render internal audit’s skills and knowledge more effective; and getting involved in operation group meetings and projects to better understand how the organization is changing.

What is a longer term strategy for ensuring auditors are prepared to address emerging risks?

WATTS Auditors need to stay agile, relevant, and valuable by shifting focus from traditional ways of addressing risk to a future thinking/bigger picture focus. This can be accomplished by aligning risk assessments to include market trends, research, and development at the organization, and studying competitor changes. Change must be transformational, not just surface dressing, and will require bold moves to break down old paradigms and create a new model for the future. Internal audit must be proactive versus reactive and embrace change while it is occurring instead of after the fact.

CHRISTENSEN Internal auditors must appreciate that continuous and rigorous education is critical for long-term success in addressing emerging risks. Time and experience are highly valuable to the core learnings in a career. Additionally, exposure to new and emerging ideas and concepts makes the internal auditor relevant, valuable, and capable of addressing the latest trends and their impact on an organization.

What advice do you have for CAEs struggling to determine the right mix of specialized expertise and audit generalists?

CHRISTENSEN All business leaders are tasked with the challenge to build, buy, or rent the skills necessary to achieve a task. The CAE is not immune to this decision tree. The specific facts and circumstances will dictate the approach and level needed and which category. We live in a knowledge-based era, and CAEs must measure the return on their investments and the value to the organization. Specialized IT skills are a great example. Does the value come from seeing many of the same thing or only seeing one thing for an extended period? Different facts may result in different outcomes. The CAE must apply the decision tree and be flexible to maximizing the value equation.

WATTS It is not so much the balance vs. the evolving of the type of auditors you must recruit and develop in your group. You can no longer be one or the other, but must have the versatility to be both in certain areas. Auditors need to be broad in their experience, but also constantly gain knowledge in specialized skills to help add value. The future internal auditor will need to have good soft skills and process and operations knowledge, and not be trained only in traditional methods. Look for individuals with varied backgrounds who have a skill for problem solving and interest in areas that are new to the business world, such as rapidly changing technology usage, data analytics, and mathematics.

How can hiring managers ensure their audit team members represent a good cultural fit for the organization?

WATTS This is the challenge for organizations as the workforce becomes more diverse. You must know not only your organization’s culture, but also the internal audit group’s unique culture. It is important that internal audit communicates and discusses these two areas with every candidate to ensure a strong fit in both environments.

CHRISTENSEN A common theme resonating with boards and management is that internal auditors need to be strong communicators with organizational insight. This might be interpreted to mean internal auditors cannot be lost on the audit trail hiding behind the technical mechanics. Stakeholders want interaction that is a cultural fit. Hiring managers should look at the entire work of the candidate. The technical and educational experiences are often the base level, but what about the broader accomplishments? Can the candidate demonstrate a service mentality, team orientation, adaptability, and similar qualitative characteristics? Life skills are developed in many areas, and we all need to hone these traits. Hiring managers will find these skills will highly correlate to candidates with the best cultural fit.

What is one key tip you would offer CAEs who are developing a talent management strategy?

CHRISTENSEN CAE success is dependent on the robustness of a talent management strategy. People want to be inspired and led. They seek leaders who can show them the way. This is not a once-a-month activity or something that can be relegated to someone else. The CAE must be the coach, mentor, teacher, and leader, every day, 24/7. Be a role model to your people and you will be rewarded in ways never imagined.

WATTS Blow up the traditional strategy and think outside the box. Today’s environment is changing so rapidly that the needs and skills can’t keep up. Think about the end results that are desired in internal audit, and build back to what skills and people you need, not for today, but for what is envisioned over the next three to five years. Be bold and challenge yourself and your organization to take chances on hiring different skill sets and experiences to meet the organization’s risk based on where it is headed, not where it is today.

Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author



Ia Online StaffIa Online Staff<p>Written by <em>Internal Auditor </em>magazine staff.</p>


Comment on this article

comments powered by Disqus
  • CRMA-Beta-Testing-April-2021-Blog-1
  • Emerging-Leaders-April-2021-Blog-2
  • Professional-Tools-April-2021-Blog-3



Thanks, We Already Know That, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Six Data Privacy Predictions for 2020 Data Privacy Predictions for 2020
Public Servants Are Vital to Defeating COVID-19 Servants Are Vital to Defeating COVID-19