As has become my custom as the year comes to a close, I reflect on the top five headlines or developments that I believe will continue to impact the profession long after we've rung in the New Year. For internal auditors around the world, 2016 should be remembered for dramatic changes to the risk landscape brought about by seismic and unanticipated events in politics and leaks of private data. It also should be remembered for changes that helped elevate the internal audit profession.
1. Brexit, Trump Victories Signal Changing Risk Landscape
The outcomes of the Brexit and U.S. presidential elections reflected deep dissatisfaction with government and a profound desire for change by a significant part of the voting public. Simply put, change affects risk.
Implications: While the votes themselves did not alter the risk landscape, the changes that will result from those votes will. Brexit will force changes to how the world's sixth largest economy interacts with its European partners, affecting immigration, transportation, and trade. Across the pond, president-elect Trump has signaled in numerous ways that his administration will not be "business as usual." Both of these scenarios create uncertainty for the marketplace, and uncertainty often intensifies risk.
Now more than ever, internal auditors will need to be at the top of their games in order to successfully audit at the speed of risk. Regardless of where an internal auditor practices in the world, geopolitical risks should be considered when assessing risks in their organizations.
2. Life in the Age of WikiLeaks
Risk volatility in itself has become a risk in the age of cyber espionage, fake news posts, and WikiLeaks.
Even as cyberattacks and data protection remain major concerns for boards and management, new threats from political-, social- and eco-hacktivism are expanding the risk landscape. As long as there is a market for proprietary information, there will be someone willing to steal it, and allegations of state-sponsored hacking now adds a troubling new dynamic.
In April, hacked data exposed details of more than 200,000 offshore accounts in what became known as the Panama Papers. The October leak of hacked emails from the Democratic National Committee and Clinton campaign may well have impacted the outcome of the U.S. presidential election.
Implications: Internal auditors must be able to provide timely assurance on the adequacy of cybersecurity efforts and crisis-management plans, be nimble enough to respond quickly to unconventional data hacks, and be intimately involved in the organization's efforts to anticipate and defend against emerging threats.
3. Corporate Culture Woes Continue to Undermine Good Governance
The instances of high-profile corporate and government scandals seemed to ebb in 2016, but several public and private organizations still made headlines — from Wells Fargo's checking and credit card account scandal to a number of public-sector auditors coming under fire for simply doing their jobs.
Implications: Continuing instances of governance breakdowns reinforce the need for internal auditors to develop processes and skills necessary for auditing culture. Increasingly, corporate governance codes are being endorsed by exchange markets, central banks, governments, and organizations dedicated to improving governance. Internal auditors should embrace those efforts and support the ultimate goal of improving governance.
4. IIA Standards Update Reflects Evolving Profession
The growing use of internal audit for advisory services is boosting its value within organizations, but it also is creating potential new challenges to independence and objectivity.
Implications: The IIA adopted key changes to its International Standards for the Professional Practice of Internal Auditing that respond to the evolution of internal audit's role in the organization. The most significant changes to the Standards are focused on three areas:
- Enhancing existing standards on quality assurance and communications.
- Creating two new standards addressing objectivity in assurance and consulting roles, as well as addressing new roles internal audit functions are taking on.
- Aligning existing standards to a new set of Core Principles incorporated into the International Professional Practices Framework last year.
Practitioners must remain vigilant to the potential for advisory engagements to affect internal audit's objectivity or even the appearance that it might.
5. IIA Rings NYSE Opening Bell
At the end of June, IIA Global Chairman Denny Beran and I had the privilege of ringing the opening bell at the New York Stock Exchange (NYSE). The NYSE has been a longtime friend and ally to internal auditing, remaining the only U.S. stock exchange that currently requires listed companies to have internal audit functions.
Implications: This event was a significant acknowledgement of the profession's value, and was especially gratifying coming in The IIA's 75th anniversary year. It served as an important endorsement of internal audit's role in commerce and good governance.
In the coming year, The IIA will be leveraging its new Washington, D.C.-based director of government relations to advocate for good governance and educate legislators about internal audit's role. Every practitioner should do the same with his or her organization's management, board, and other stakeholders.