Thank You!

You are attempting to access subscriber-restricted content.

Are You Ready to Experience Everything Internal Auditor (Ia) Has to Offer?

A Voice for the Profession​

Richard Chambers reflects on internal audit’s current state and continuing evolution as his IIA leadership tenure comes to a close.

Comments Views

​IIA President and CEO Richard Chambers will step down at the end of March from the post he has held since January 2009. Chambers has overseen The IIA during a time of significant change, as dynamic social, economic, and technological forces reshaped modern risk management.

As the voice for the profession for more than 12 years, Chambers has written and spoken extensively about how stakeholder demands are changing and how the profession must pivot to meet those needs. As he looks toward the next chapter in his long and storied career, Chambers offered some insights on the profession's continuing evolution and current state.

How have changes over the past decade impacted the profession and The IIA?

Really it starts with the velocity of risk — how rapidly risks emerge, change, and dissipate. This velocity of risk has accelerated dramatically in the last 20 years, whether it is that risks are literally materializing rapidly or the fact that we live in an information era where everything is known and analyzed. It is that exposure that allows risk to intensify so rapidly. 

For most of the 20th century, even as late as 1990 when the internet as we know it was in its infancy, you just didn't have the speed of information that you have today. It's that combination that has really contributed to additional pressures and opportunities for the internal auditor. This new era of information proliferation, and risk dynamics, coincided with The IIA mandating that you needed to be risked-based in your audit planning and audit execution.

How do you think this has impacted The IIA and its work to support the profession? 

It has given us the opportunity to better inform members and help them better respond to emerging risks. For example, if there are new risks that come out of COVID-19, where 20 or 30 years ago, you would need to wait for the next edition of your magazine, today you have ample information available immediately online. This has enabled The IIA to be swift and decisive in providing insight and guidance to the profession on how to address some of these issues.

Do you believe internal audit is where it needs to be right now?

The analogy I've used over the years is that the glass is half full. You can celebrate that it is half full, but you have to candidly acknowledge it also is half empty. We have made great progress in how responsive we are, how versatile we are, how resilient we are, and how quickly we pivot in the face of new risks. We can celebrate all that. The real opportunity for internal audit is to enhance value in organizations. Protecting value is important. It's been an important part of our mission since our inception, and I think it will always be a critical part of our mission. But you really waste opportunity when you have insight and knowledge that you only share when someone makes a mistake. You must be willing to share your perspective, knowledge, and insight when people are making decisions or even when they are not thinking about making a decision. If you are unwilling or unable to do that, you are a resource that is not living up to its full potential. To a certain extent, that is a real opportunity for growth in this profession in the next decade, and I'm hopeful I can continue to be a voice to challenge the profession on doing this.

You've published three books during your tenure as CEO. What impact do you believe those books have had on the profession?

With the materials I create for the profession, it's been my objective to make topics as timely and relevant as I can. 

My first book, Lessons Learned on the Audit Trail, published in 2014, resonated very well. But I began to appreciate — again the velocity of risk — that at five years a book begins to feel dated. It was on that basis that we updated the original manuscript in 2019 to incorporate a lot of the developments over those five years. The main title of that book, The Speed of Risk, is probably the overarching lesson I learned over the course my career. 

Trusted Advisors (2017) was a response to a refrain from the profession that internal audit should have a seat at the table. It's fine to strive for an invitation for a seat at the table, but if you're a trusted advisor you're going to have a seat at the table with your name on it. If you're not trusted and not seen as an advisor — as my good friend Norman Marks has said — "you will sit at the children's table." The whole thrust of the second book is, "What does it take to be a trusted advisor?"

Now you are ready to publish a fourth book, Agents of Change.

The new book takes a page out of the approach we took on Trusted Advisors. We asked, "What does it take to be an agent of change?" Given the thirst in the profession for insights and ideas on being more effective, I believe the new book is going to have the same broad appeal.

Do you believe your books reflect the evolution of the profession?

In a lot of ways they do. Lessons Learned on the Audit Trail is very retrospective. I was speaking broadly about my experiences. Trusted Advisors was much more contemporary. What are the things that highly effective internal auditors are doing in the here and now? Agents of Change is very forward looking. I don't think we have as many agents of change in our profession today as we have trusted advisors. I do distinguish in the book between them. I think a trusted advisor is seen as a reliable and accurate source of insight and information, and regardless of how they are delivering that information, they are so well-trusted that people listen and take action. I think you have to be a trusted advisor to be an agent of change. To be an agent of change, you don't just tell people what's wrong or how they can do something better. You talk about how they can tackle issues in ways that they maybe have never thought of. You're talking about what is possible. If you want to look at it another way, when you look backward, you tell people what was; when you look around you tell them what is; when you look ahead you tell them what is possible. I think agents of change are there to help people appreciate potential.

Is this manageable for most practitioners?

I think so. I think we all have a flame within us that will enable us to be agents of change. The question is whether we are going to turn the flame up and become the beacons that enable us to shine a light on the opportunities that are out there. I think it can be done. I think it will be done. If you look at what we've seen over the last 20 years and extrapolate that in the decade ahead, what you're likely to see is people aren't going to wait for internal audit to tell them what was or what is. They're going to be anxious for us to tell them what could be. There are going to be people who are uncomfortable with that.

In the book I talk about how as assurance providers we used to be called the bean counters. Trusted advisors tell you not only how many beans you've got but how you can grow them, harvest them, and take them to market, and where you have opportunities to improve. Agents of change say, "You know what, quit growing beans. Why don't you look at growing corn or kale or something new? Use that resource and capacity for growing beans and take on new opportunities." There are going to be people who say, "Wait a minute, that's management's job. Management is the one to do that; that's business strategy; that is not our place." If not us, then who else? Who else do you have in an organization other than the CEO or a couple of people in the C-suite who have that 360-degree view that we get as internal auditors and who build up over time that institutional knowledge? I would say it is not uncommon out there for a chief audit executive to have more tenure in his or her role than the CEO does. We're not making the decision. We're fully respecting the role management plays. But we're not adding a lot of value to the company if we only tell management what went wrong.

As you look back over your tenure as CEO, how do you view milestones and achievements?

I think it's been a remarkable decade, 12 years, however you want to measure it. But I don't give myself much credit for any of that. I feel I was privileged to lead the organization during this period. But I think we were destined to do great things. I think what The IIA needs in a CEO as well as a chairman and others on the board are people who have the passion and vision to help the organization realize its potential. They need to be agents of change.

My decision to step down is predicated more by a desire to afford new fresh leadership to come in, so The IIA is not recycling the same leadership style and same ideas for too long a period. I don't feel I've stayed too long. I feel like I've stayed just about the right amount of time, and I've been very grateful for the support I've gotten over these years from the board, and volunteer leaders around the world and the profession itself. But I also think it's time to pass the torch to new leadership.

How would you most like to be remembered, as an executive who led The IIA during a time of extraordinary growth and change or as a longtime volunteer who gave so much time, energy, and intellect to the profession?

I hope I'm remembered as someone who had a passion for this profession and was unwilling to allow it to become complacent. I hope I've been an enabler. I know it may appear at times that I see myself somehow as a bigger part of The IIA than I am. I feel the president and CEO of an organization needs to maintain enough humility to realize the organization is much bigger than he or she is. The organization's mission is much bigger than one person can achieve. I'm hopeful that my successor will be able to leverage the things we've done that worked, and be able to move on from things that haven't worked as effectively as we would have liked.

What should we expect from you post-IIA? 

Like everyone else, my career has been a journey. Since my retirement from government auditing in 2002, I have partnered with organizations that are investing in the internal audit profession and whose mission is to serve and empower the profession around the world. That was true in both of my assignments at The IIA and during my tenure with PwC's internal audit practice. People should expect that I will do the same in the future. There are several organizations that are making investments in this profession because of the potential they see in it. I plan to partner with one of those organizations and continue to be a passionate voice for the profession just as I have been for the last 20 years.

Any closing thoughts as you look back on a long and storied career?

Literally hundreds of people from around the world have reached out to congratulate me on my "retirement." It has been interesting because I haven't used the "R" word once. I have too much energy and enthusiasm to sit on my back porch and watch the sun set. I would rather be up anticipating a sunrise on a new day and new opportunities. I am less than five years away from celebrating 50 years in the internal audit profession. Barring some unforeseen circumstance, I plan to celebrate it with a blog post reflecting on a half-century in the most amazing profession in the world. 

Robert Perez
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to remove comments.

About the Author



Robert PerezRobert Perez<p>​Robert Perez is director, Content Development and Delivery, at The IIA.<br></p>


Comment on this article

comments powered by Disqus
  • AuditBoard-May-2021-Premium-1
  • Awareness-Month-May-2021-Premium-2
  • Virtual-IC-May-2021-Premium-3



Thanks, We Already Know That, We Already Know That
U.S. SEC: Environmental, Social, and Governance Risks Better Be on Your Radar SEC: Environmental, Social, and Governance Risks Better Be on Your Radar
Six Data Privacy Predictions for 2020 Data Privacy Predictions for 2020
Public Servants Are Vital to Defeating COVID-19 Servants Are Vital to Defeating COVID-19