Practices

 

 

Certification: Where to Begin?https://iaonline.theiia.org/2018/Pages/Certification-Where-to-Begin.aspxCertification: Where to Begin?<p>​Earning a certification can enhance an internal auditor’s career by demonstrating his or her subject-matter expertise and commitment to the profession. In the process of studying for a certification, an auditor can develop and practice time management skills similar to those used on an audit, which provides a solid foundation that can increase workplace performance and efficiency. Additionally, immersing oneself in a certification study program will improve an auditor’s ability to learn and fosters curiosity. </p><p>While the benefits are clearly demonstrated, it can be overwhelming choosing which certification to pursue. Auditors should ask themselves several questions when making this important career investment.</p><h2>What Should I Pursue?</h2><p>The IIA offers certifications, designations, and qualifications that can provide value along different points of an internal auditor’s career path. The certifications and designations that demonstrate core competency include the Certified Internal Auditor (CIA), Internal Audit Practitioner (IAP) — which can be applied for after passing part one of the CIA exam — and the Qualification in Internal Audit Leadership (QIAL). The CIA is the only globally accepted certification for internal auditors and is the standard by which individuals demonstrate their professionalism. The QIAL  is for aspiring leaders and current audit executives looking to further establish credibility and successfully lead an audit team.</p><p>The certifications that demonstrate subject-matter expertise include the Certification in Risk Management Assurance (CRMA) and the Certification in Control Self-Assessment (CCSA). The CRMA establishes credibility as an advisor on risk and the CCSA positions auditors to drive organizational change.</p><table class="ms-rteTable-default" width="100%" cellspacing="0"><tbody><tr><td class="ms-rteTable-default" style="width:100%;"><p>​<strong>Changes to IIA Certifications</strong></p><p>The IIA is respositioning its Certification in Control Self-Assessment (CCSA), Certified Financial Services Auditor (CFSA), and Certified Government Audit Professional (CGAP) programs. </p><ul><li>The CCSA program will be integrated with the Certification in Risk Management Assurance (CRMA) through the next CRMA exam update.</li><li>The CFSA and CGAP exam will transition to an assessment-based certificate program.</li></ul><p> <br> </p><p>The last day The IIA will accept new CCSA, CGAP, and CFSA certification applications is Dec. 31, 2018. These certifications will continue to remain valid, supported by IIA training, and require annual continuing professional education credit reporting. Those who currently hold CGAP, CFSA, and CCSA certifications and want to obtain the Certified Internal Auditor credential may register to take the challenge exam from April 1, 2019, through Dec. 15, 2020. For more information, visit <a href="http://www.theiia.org/" rel="nofollow" target="_blank"> <span class="ms-rteForeColor-8">www.theiia.org</span></a>. </p></td></tr></tbody></table><p>Industry-specific certifications include the Certified Government Auditing Professional (CGAP), Certified Financial Services Auditor (CFSA), Certified Process Safety Auditor (CPSA), and Certified Professional Environmental Auditor (CPEA). Each of these demonstrates subject-matter expertise on industry-specific risks. Changes to the CCSA, CFSA, and CGAP certifications are coming in 2019 (see “Changes to IIA Certifications,” right). </p><p>There also are certifications offered by other associations that would benefit auditors who assess an organization’s IT and business systems (ISACA’s Certified Information Systems Auditor) or who want to become experts in fraud detection, prevention, and deterrence (Association of Certified Fraud Examiners’ Certified Fraud Examiner). Auditors should research any certification requirements with the organizations that own them. </p><h2>What Makes Sense for My Career?</h2><p>Auditors should consider where they are professionally and what skills they need to grow. Professional growth can mean moving into management positions or increased contributions as an individual.</p><p>For example, an experienced auditor can demonstrate his or her breadth of knowledge and subject-matter expertise by obtaining an industry specialty certification such as the CFSA or CPSA. An audit manager who is a CIA with career aspirations of audit director or chief audit executive (CAE) could demonstrate commitment to the profession and leadership abilities by earning the QIAL, which has experience and education requirements. The IAP is a great starting point to demonstrate a commitment to the profession while working toward a longer term goal of the CIA.</p><p>It is important to know that some certifications have eligibility requirements, such as education, work experience, formal training, and character references. For example, CIA candidates with a four-year degree must obtain a minimum of 24 months of internal audit experience or its equivalent. A master’s degree can substitute for 12 of the required 24 months. Candidates without a four-year degree can substitute work experience according to the eligibility guidelines. Familiarity with the requirements can help guide professional development efforts through one’s audit career.</p><p>Auditors can start their work toward a certification before they meet all the entry requirements. In some instances, professionals can sit for the exam without having met the work experience requirement and earn the certification once they have accumulated the years needed. The entry requirements — and exit requirements for some certifications — ensure the consistency and integrity of IIA certified professionals.</p><h2>What Makes Sense for My Team?</h2><p>Another factor to consider is the skill of the audit team, overall. If there is a solid concentration of experience, it makes sense to add breadth with a new skill. Does the team have a subject-matter expert on risk management? If not, it might make sense to pursue the CRMA to demonstrate expertise on risk assurance and governance processes. </p><p>Auditors should talk to their CAE about their professional development plan to ensure that the department and personal training goals are in alignment.</p><h2>What Makes Sense for My Life?</h2><p>Studying for any certification is a time commitment, which can vary depending on the certification. After reviewing the certification requirements to determine the number of exams per certification, testing center locations, exam syllabus, and overall time investment, an auditor can make a better informed decision regarding what commitment is appropriate. </p><p>Auditors also should consider how to study. Does this certification have an online training module, study book, or in-person course? How will training fit into the auditor’s life? Reaching out to one’s professional network is also recommended. Colleagues at work or in a local IIA chapter may have valuable insight on time management, study requirements, and other considerations an individual may not think about. In addition, auditors should consider joining an exam-related social media group to connect with others preparing to sit for the test. There are LinkedIn groups and Facebook pages dedicated to preparing for the CIA exam.</p><h2>Elevating the Profession</h2><p>A professional certification can be a worthwhile investment in an internal auditor’s future. To realize the value, professionals should carefully assess what makes sense for their career, team, organization, and overall life situation. Ultimately, a decision to pursue certification elevates not only the status of the internal auditor and adds value to the organization, but advances the profession, as well.<br></p>Dana Lawrence1
Emerging Leaders: 2018https://iaonline.theiia.org/2018/Pages/Emerging-Leaders-2018.aspxEmerging Leaders: 2018<p>F​or a diverse group, this year's Emerging Leaders are surprisingly unified on important aspects of their expanding influence in internal audit. For example, they're unanimously enthusiastic about supporting the profession, through internal and external advocacy, association activity, and educating undergraduates about career opportunities. Moreover, they're uniformly confident they'll rely more on technology to do their jobs tomorrow, and they expect their audit work to involve more IT assessment across the board. And they're looking forward to it — they're confident they have, or can easily acquire, the skills they'll need to stay on top of technological evolution, whatever it turns out to be. Indeed, many of them are already tech leaders at their organizations, providing guidance on audit applications up and down the reporting ladder. But perhaps what unifies them most is that they all want to change the face of the profession and improve it in the eyes of stakeholders. Yet the 2018 Emerging Leaders aren't abandoning the profession's established high standards and effective practices. Instead, they see a bigger picture of internal audit — one that shows practitioners' unique access to and understanding of areas across the business and the diversity of information and advice they can provide. The 2018 class expects to play a meaningful role in their organizations' operations and success, to be sought out as trusted advisors, to track trends inside and outside their enterprises, to provide key data and insights to management on strategic issues, and to assist in assessing the results of their organizations' efforts.</p><h2><img src="/2018/PublishingImages/Alex%20Hardy.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Alex Hardy, CIA, CA </h2><p> <em> <strong>30, Associate Director, Audit & Advisory</strong></em><br><em><strong>Prosperity Advisers Group</strong></em><br><em><strong>Newcastle & Sydney, Australia </strong></em></p><p>Alex Hardy has big ambitions, and one of them is helping young professionals move forward in their careers. “His ambition to attain a partnership role at the company is guided by his vision of transforming the firm’s audit practice and capitalizing on technological opportunities,” says colleague Stephen Coates, a director at Prosperity Advisers Group. But Hardy’s proudest achievement, Coates adds, is being a mentor to junior staff. Already, Hardy is a founding member of the company’s Employee Advisory Board and, beyond the firm, he was named to the inaugural IIA–Australia Youth Leadership Committee. The University of Newcastle graduate is also executive director at Hunter Young Professionals, which provides opportunities for young people to network in a business environment. Indeed, says Bryant Richards, associate professor of accounting and finance at Nichols College and one of this year’s Emerging Leaders judges, “No longer emerging, this individual is a current leader of the profession.” Hardy presents weekly to boards, shareholders, and management on audit outcomes and opportunities for improvement. And he provides pro bono professional services to Renew Newcastle, Cooks Hill Surf Lifesaving Club, and Ronald McDonald House. He also talks a lot about technology. “If you don’t know what blockchain, AI, big data, and real-time access mean, then you are already behind the eight ball,” Hardy says. “All of them are game changers, and a degree of fluency is important for future success.”</p><h2><img src="/2018/PublishingImages/Robin%20Noack.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Robin Noack, CIA, CPA</h2><p> <strong> <em>29, Audit Manager</em></strong><br><strong><em>Federal Home Loan Bank of Pittsburgh</em></strong><br><strong><em>Pittsburgh</em></strong></p><p>Robin Noack understands that effective internal audit demands interaction with other areas of the business. The Pennsylvania State University graduate made a concerted effort to learn Federal Home Loan Bank of Pittsburgh's new governance, risk, and compliance application — and ultimately developed many of the ways the internal audit department puts it to use, notes colleague Dawna Fisher, senior manager at Federal Home Loan Bank. "She also developed a strategy for optimizing interactions with other departments to ensure identification of business unit risks and controls is complete and accurate," she says. Noack's strategy — established by coordinating with other lines of defense within the bank and working closely with the business units — enables internal audit to track audit-related issues that need validation and provide the follow-up on them that regulators require. Her team also prioritizes in-person interaction with clients. "We make every effort to socialize throughout the bank, building trust and positive relationships," Noack says. Business unit leaders regularly request her insights on hot topics and emerging risks in the financial services sector. Noack says knowing the business is part of the job. "It would be impossible to effectively audit a business unit without an intimate understanding of how it works or without strong relationships with the people within that unit," she explains. Additionally, Noack calls on the profession to better educate clients on the value internal audit delivers to the organization. "Everything we do as internal auditors is to protect the business' interests and correct any mistakes before it's too late," she points out. Outside the office, Noack donates time to the local DePaul School for Hearing and Speech and the Pittsburgh Botanic Garden. </p><h2><img src="/2018/PublishingImages/Justin%20Finn.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Justin Finn, CIA</h2><p> <strong><em>28, Assistant Vice President, Senior Auditor</em></strong><br><strong><em>Bank of America</em></strong><br><strong><em>Plano, Texas<br></em></strong></p><p>Justin Finn is “the auditor of the future, possessing both audit and analytical skills,” according to his supervisor, Jim McCole, senior vice president and audit director at Bank of America. Finn, a University of North Texas graduate, started out in the firm’s straight-from-college Corporate Audit Analyst Program, picking up business audit skills in issue validation, point-in-time audits, regulator issues, and continuous audit work in his first rotation. And with no previous Structured Query Language (SQL) experience, he learned to execute automation work relating to data analytics, exception testing, and continuous monitoring testing in the rotation that followed. Finn now serves as instructor for Corporate Audit’s SQL training program and as “automation sponsor” for the bank’s Audit Automation Analytics Champion program. “For sure, technology and the way we understand data will lead things forward,” Finn says. One example is data analytics and automation that enable full-population testing, eliminating the need for a sample approach, he says; another new technology that internal audit is adopting is artificial intelligence-driven ongoing monitoring that replaces some task work. Both require practitioners to develop new data analytic skills and delve beyond a superficial understanding of the technology. At Bank of America, Finn’s internal audit department focuses on finding and extracting data to create custom automation tests to help business line auditors with their own testing. “We can take the data and adapt it,” he says, “whether the internal audit client is looking for graphs or trends analysis, we can take the data and make a more meaningful picture.” Outside the office, Finn finds meaning in charitable work, volunteering at the local Ronald McDonald House and for Operation Kindness’ no-kill animal shelter.</p><h2><img src="/2018/PublishingImages/Linh%20Mai.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Linh Mai, CIA, CISA</h2><p> <strong><em>27, Senior, IT Risk Assurance</em></strong><br><strong><em>EY</em></strong><br><strong><em>Dallas</em></strong></p><p>Linh Mai is passionate about internal auditing and about sharing his knowledge of the profession. Indeed, The University of Texas (UT) at Dallas graduate served as the university's IIA/ISACA/ACFE student chapter president as an undergraduate and at the same time was a teaching assistant at UT Dallas' Center for Internal Auditing Excellence. He also became "the face of the UT Dallas Internal Auditing Education Partnership (IAEP) program," says Center director Joseph Mauriello. "As student coordinator, he worked with leading internal audit departments and professional services firms to introduce themselves to UT Dallas IAEP participants." Mai also organized student volunteer efforts for the IIA–Dallas Super Conferences and the UT Dallas Fraud Summit. He has since delivered numerous addresses to internal audit audiences  on developing student organizations, and he volunteers with ISACA's North Texas Chapter. At EY, he leads audits on areas ranging from Sarbanes-Oxley compliance to cybersecurity. "Sometimes innovative thinking is a matter of thinking differently about an existing innovation," Mauriello says. "He accomplishes this through his advocacy efforts." Part of his message is the reality of the profession's role. "I had the impression that most companies, operations, and internal audit functions were mature," Mai says. "However, the reality is there is significant potential for audit functions to generate value by advising and consulting on improvements in business processes." He adds that he's inspired and motivated by the vast opportunities for internal audit to help stakeholders, especially with the aid of technology. "I envision more processes, such as internal controls over financial reporting, requiring less overhead while providing more useful data," Mai explains, "allowing internal audit a greater opportunity to become advisors and freeing them from strictly regulatory or compliance functions." </p><h2><img src="/2018/PublishingImages/Kamal%20Jishan.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Kamal Uddin Gazi Jishan, ACCA </h2><p> <strong> <em>28, Deputy General Manager, Internal Audit</em></strong><br><strong><em>BRAC</em></strong><br><strong><em>Dhaka, Bangladesh</em></strong></p><p>Kamal Uddin Gazi Jishan tackles complex assignments every day — some technologically complex, some more logistically so. Nanda Dulal Saha, director of Internal Audit at BRAC, says a recent operations-level, organizationwide risk assessment and the adoption of a new system audit approach required “strong and controlled teamwork” to deliver the audit strategy, risk assessment, and reporting — and Jishan was part of those teams. The organization’s internal audit department numbers more than 300, one of the biggest anywhere in the world. Jishan, an Oxford Brookes University graduate, also led a project to automate the department’s report compilation and comparative results analysis, using customized internal audit management system software to pilot the automation before a successful launch. Jishan was recently assigned to the organization’s Kabul-based Afghanistan operations for a country office audit. “I try to gather as much information as possible on the entity before the actual visit by browsing through financial information, management reports, and information available on websites,” Jishan says. “I like to bring as much familiarity as possible with the operations of the project as well as the environment.” Away from the office, Jishan is active in the Bangladeshi audit and accounting community and, Saha says, “he takes pride in representing the global profession of internal audit — The IIA — and promotes membership and certification to that peer group.” Indeed, Jishan reports that he’s looking forward to the CIA Challenge Exam this month; he also emphasizes the value of seeing the bigger picture. “We need to remind ourselves every time of the broader objectives of an engagement,” Jishan advises, “and to focus less on finding out irregularities and more on building a strong, progressive relationship with management.”</p><h2><img src="/2018/PublishingImages/Nick%20Geffers.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Nick Geffers, CIA</h2><p> <strong><em>30, Business Risk Manager</em></strong><br><strong><em>Thrivent</em></strong><br><strong><em>Appleton, Wis.</em></strong></p><p>Nick Geffers likes to build relationships and bring people together. Last year, he was invited to join The IIA’s Young Professionals Task Force, says the Task Force’s IIA North American Board liaison Seth Peterson, vice president and internal audit manager at The First National Bank in Sioux Falls and past Emerging Leader. Geffers has since been a key player in the group’s outreach initiatives, aimed at establishing connections with local chapters and enhancing collaboration. The University of Wisconsin Oshkosh graduate focuses on consulting and risk management assurance engagements at Thrivent and, Peterson adds, he recently became director of development for the company’s Young Professionals Network. “Getting involved with young professionals groups gives us a voice and a bigger part in our profession,” Geffers says. “The power of connection is priceless.” He adds that participating in these groups will always be “incredibly important,” noting that it enables professionals to become connected to something greater than themselves and provides endless opportunities to make an impact. Geffers also supports The IIA’s Fox Valley Chapter as a past president and active board member. “While president, he created templates and standard processes, worked to add new board members from unrepresented organizations, and helped strengthen interchapter relations within the district,” Peterson says. In fact, Geffers says one aspect of the profession he likes even more than he anticipated is the amount of personal interaction involved — it’s one of his favorite parts of the job. He also notes that the more internal auditors connect with others, the more value they can provide — if they’re paying attention, that is. “As we move to becoming true strategic partners,” he says, “we need to listen more to our stakeholders.”</p><h2><img src="/2018/PublishingImages/Jamie%20Olson.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Jamie L. Olson, CIA</h2><p> <strong><em>29, QAIP Project Manager</em></strong><br><strong><em>U.S. Bancorp</em></strong><br><strong><em>Minneapolis<br></em></strong></p><p>Jamie Olson loves learning, and in internal auditing, she says, she’s “constantly learning something new.” The University of Minnesota Duluth graduate started at her current company as a staff auditor in Corporate Audit Services (CAS), then became a senior auditor, and is now the department’s Quality Assurance Improvement Program project manager. Olson was one of 14 U.S. Bank employees selected for a year-long program established to “demonstrate how U.S. Bank is ‘the bank of choice for millennials,’” reports colleague Krista Naccarato, senior audit manager. That program includes collaboration with senior management and committees across the bank, she adds. Olson values her unique opportunity to participate in the program. “It allows me to meet with leaders in the organization to learn more about their business areas and support the bank on a companywide level,” she says. She meets often with professional peers as well, as treasurer and past vice chair of the Young Professionals Committee of The IIA’s Twin Cities Chapter. That emphasis on relationship-building positively impacts her career, she says, by broadening her network and helping her better articulate risks and how they relate to the company as a whole. Those risks, she adds, are becoming increasingly digital, noting that practitioners need to embrace new technology to become more efficient and effective leaders. “If I could change one thing about the profession, it would be the SALY [same as last year] testing mentality,” she says. “We need to keep looking toward the future, and not just focus on the current state.”</p><h2><img src="/2018/PublishingImages/Michelle%20Chelemer.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Michelle Chelemer, CIA, CPA</h2><p> <strong><em>29, Senior Audit Manager, SunTrust Audit Services</em></strong><br><strong><em>SunTrust Bank </em></strong> <br> <strong> <em>Atlanta</em></strong></p><p>Internal auditing is enhanced by creativity. Michelle Chelemer displayed it in spades when she developed a new way to evaluate her company’s sales practices, says manager Joshua Mountz, audit director at SunTrust Bank. The Oglethorpe University graduate “created a cookie dough start-up company and performed secret shopping at branches,” Mountz says, “providing meaningful issues for management to consider that will impact our client experience going forward.” Chelemer explains that the project assessed the accuracy of teammate product knowledge and evaluated marketing materials. “The experience was exhausting, but exciting,” she says. The project received executive-level attention — and appreciation — and inspired organizationwide changes. Mountz adds that Chelemer is seen as a trusted advisor to business partners, and that she’s been recognized at SunTrust with a Gold Performance Excellence Award. He notes as well that she uses the bank’s data analytics resources to examine 100 percent of populations for control testing when feasible and to evaluate automated controls design. She also helps lead recruiting by examining candidates’ qualifications, screening them by phone, and performing interviews; she then trains the new teammates and helps her directors evaluate their performance. Mountz says she’s “the first person that anyone on the team goes to with questions, her directors included.” Chelemer, who also co-founded the Business Leadership Development Fellowship at Oglethorpe and volunteers with the Junior Achievement Discovery Center at Finance Park in Atlanta, thrives on the many areas with which she’s involved. “I’ve always been invigorated by challenges,” she says.</p><h2><img src="/2018/PublishingImages/Brian%20McNalley.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Brian McNalley, CISA</h2><p> <strong><em>30, IT Audit Manager</em></strong><br><strong><em> Macy’s Inc.</em></strong><br><strong><em>Cincinnati</em></strong></p><p>Brian McNalley combines technical expertise and a passion for the profession. “He’s actively involved in The IIA and has a strong focus on data analytics, which is a key area for internal auditors,” notes Jenitha John, CAE at FirstRand Bank and one of this year’s Emerging Leaders judges. “And his chapter leadership achievements are noteworthy.” The University of Cincinnati graduate has been volunteering for The IIA’s Cincinnati Chapter for seven years — in fact, during his time as vice president and president, meeting attendance nearly doubled, notes colleague Branden Keller, a senior IT audit manager at Macy’s. He lauds McNalley’s emphasis on networking events aimed at helping “like-minded auditors meet each other” and his focus on academic relations. “I’m taking on additional responsibilities within academic relations, educating students and getting them involved, to expand The IIA’s presence in the community,” McNalley says. That’s been complicated by a focus on external auditing at local universities, he adds, so the chapter has been holding events to show students the benefits of becoming an internal auditor. The IIA experience, says McNalley, who expects to start exams this fall in pursuit of CIA certification, has been one of the most rewarding of his career. His message to those early-career colleagues: “Getting involved is definitely appreciated and provides some great opportunities.” McNalley also has a strong interest in technology; he’s a data analysis specialist and has built custom scripts to automate testing. “I’d like to continue changing the sample-based testing approach,” he says,” and test full populations with analytics and audit tools.” He also notes that adapting to change is one of the best parts of being an IT auditor. “It keeps our profession from becoming too routine.”</p><h2><img src="/2018/PublishingImages/Haylie%20Kwon.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Hea Mee (Haylie) Kwon, CIA, CPA</h2><p> <strong><em>30, Audit Project Manager</em></strong><br><strong><em>Texas Health & Human Services</em></strong><br><strong><em>Austin, Texas</em></strong></p><p> <strong><em></em></strong>Haylie Kwon wants people to understand internal auditing better. The Korea University graduate says her main emphasis when promoting the profession — to junior staff and university students — is to explain who its practitioners really are. “We are not law enforcement that will find out what you did wrong and punish you,” she says. “I want people to view us more as advisors.” Supervisor Karin Hill, director of internal audit at Texas Health & Human Services, notes that Kwon has ascended the career ladder quickly, and that she is well thought of by those under her supervision. “Staff assigned to her teams are extremely complimentary of her leadership style,” Hill says, adding that Kwon pays compliments, too — she chaired IIA–Austin’s Awards Committee and started the practice of reaching out to volunteers’ supervisors to thank them for supporting staff as they serve the profession. Part of Kwon’s successful style is tracking the evolution of audit clients as they adapt to their own clients’ changing expectations. “We need to be aware of new risks that emerge from those changes,” she explains, “and seek smarter ways to audit so that we can meet our clients’ needs.” That should contribute to a perception shift she feels is crucial, because it affects how internal auditors build relationships with those clients. “We need their cooperation and trust,” Kwon says, “to truly understand the nature of their work and what they are trying to accomplish.” That message needs to be taken to younger audiences, she urges, emphasizing more focus on exposing the profession to undergraduate students — something that she and her classmates never experienced. “As graduates of one of the top business schools in Korea, we were going to be the next generation of business leaders” she explains. “However, we were never exposed to internal auditing, only financial auditing.” Kwon says she was lucky to find her way to internal audit — but bemoans the “many bright young minds that aren’t aware of our profession.” </p><h2><img src="/2018/PublishingImages/Thomas%20Sherrill.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Thomas Sherrill, CPA</h2><p> <strong><em>28, Manager, Assurance and Advisory Management Program</em></strong><br><strong><em>The Home Depot</em></strong><br><strong><em>Atlanta</em></strong></p><p>Thomas Sherrill builds ties that bind — and that save companies money. “He develops strong relationships with his business partners that create open channels for discussion to gain insights into processes and issues,” says his boss, Bob Anderson, vice president of internal audit and corporate compliance at The Home Depot. He adds that the University of North Carolina graduate identifies solutions that provide value to stakeholders and company shareholders — including more than $3 million in cost-out opportunities in just 24 months — and “combines personal relationships with data analysis skills.” The relationships, Sherrill says, are crucial to the audit function’s success. “I always emphasize that creating genuine and strong relationships will make your work personally rewarding,” he explains, “and will allow you to gain information and knowledge around business processes that will help you succeed.” Sherrill, who was awarded IIA–Atlanta’s Mulcahy Leadership Award this year, has led audits across all facets of Home Depot’s business, from mature processes in the finance space to supply chain processes in newly acquired subsidiaries. Additionally, he was last year’s chair of the Diversity and Inclusion Committee for the company’s Internal Audit group. Sherrill also donates time outside of work to help the Empty Stocking Fund distribute toys to underprivileged families during the holidays and pitches in with volunteer landscaping and maintenance assistance at Piedmont Park. Looking toward the future, Sherrill — who recently passed the first set of exams on his way toward CIA certification — says internal auditors will have to keep up with rapidly changing technology by adding skills to their tool sets and continuously learning about new systems and processes. He adds: “The same core characteristics of current professionals — honesty, intellectual curiosity, and ethics — will be as important in the future as they are today.”</p><h2><img src="/2018/PublishingImages/Kyle%20Hebert.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Kyle Hebert, CIA</h2><p> <strong><em>30, Supervisor, Audit Coordination</em></strong><br><strong><em>COBX</em></strong><br><strong><em>Lansing, Mich.</em></strong></p><p>Kyle Hebert understands the importance of institutional memory. When he undertakes major projects, the Northwood University graduate “takes it upon himself to work with others, with a goal of making a positive impact through knowledge sharing, encouragement, and team building,” says former supervisor Sarah Saunders, director, Internal Audit, at Jackson National Life Insurance Co. Indeed, Saunders reports, he approached every project with the intention of growing someone to replace him. In fact, Hebert cites on-the-job mentoring as one of the most beneficial elements of career development. “If you do not have a good mentor, it will be hard to pick up on the important aspects of auditing, such as how to communicate results to a stakeholder,” he says. And he pays it forward, too. Saunders calls him one of the most dedicated volunteers she’s ever seen, explaining that he “jumped in, all in, from day one” at The IIA’s Lansing Chapter, where he now serves as president. Hebert created a new Day of Audit training program and worked to improve relations with local chief audit executives. “Don’t be afraid to get more involved with your career outside your 9-to-5 commitment,” he urges. On the other hand, Hebert cautions that practitioners should be afraid of technological complacency. “We can’t become complacent on the skills we have because they’re becoming obsolete exponentially faster each year,” he says. In his role at COBX, a company within Blue Cross Blue Shield of Michigan’s Emerging Markets division, Hebert oversees the internal and external audit coordination teams, he reports, “ensuring that stakeholders are knowledgeable of what is expected of them from the auditors and regulators, and ensuring that auditors and regulators are receiving information they have requested from the business.” He also leads the department’s annual risk assessment. </p><h2><img src="/2018/PublishingImages/Diego%20Henriquez.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Diego Henriquez, CIA, CPA</h2><p> <strong><em>27, Senior Consultant</em></strong><br><strong><em>Deloitte & Touche LLP</em></strong><br><strong><em>Houston</em></strong></p><p>Just three years into his own career, Diego Henriquez is already assisting others in theirs. The Louisiana State University graduate is a CFO Transition Lab Manager at Deloitte, executing customized eight-hour workshops at some of the world's biggest organizations. The sessions assist new C-suite executives, including chief audit executives and chief financial officers, in analyzing talent, organization, priorities, time allocation, and relationships. Henriquez and his colleagues then work with each individual to develop a 180-day plan for transitioning into his or her new role. "My work on executive transition labs has provided tremendous insight that allows me to better understand how senior executives operate and strategize to deliver results," he says. Colleague Sarah Fedele, a Deloitte principal, notes that Henriquez was recognized as a 2017 IA Transformer of the Month, an award that honors leadership within the practice. Fedele adds: "Ask anyone who has worked with him to describe his leadership style and you'll find a common response: 'He leads by example.'" After work, Henriquez is the Houston Food Bank site lead for Impact Day, Deloitte's firm-wide volunteer event, leading planning efforts and shepherding the participation of more than 300 colleagues. Fedele says he handles that role masterfully and with enthusiasm." He's also an onboarding advisor for Deloitte interns and consultants, and he's heavily involved with the company's campus recruiting efforts. Henriquez is enthusiastic about his work and says internal audit at a professional services firm affords him the opportunity to see a wide range of industries, processes, and departments. "Other professions might focus on one area of a business," he says, "but my work has helped me develop a unique perspective because I am exposed to so many different aspects of my clients' businesses." </p><h2><img src="/2018/PublishingImages/Blake%20Reed.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Blake Reed, CIA</h2><p> <strong><em>28, Accounting Manager, North America Supply Chain Control</em></strong><br><strong><em>Nike Inc.</em></strong><br><strong><em>Memphis</em></strong></p><p>When Blake Reed starts a job, the University of Memphis graduate makes an immediate impact. Applying his understanding of process improvement, finance, and accounting, he establishes himself as a go-to person for internal audit best practices and control guidance. He provides management with specific options for improvement by using data analytics to identify important trends in the enterprise’s workflow. Indeed, he’s “already in a managerial role,” notes Emerging Leaders judge Jenitha John, “which I believe is an achievement for someone his age.” Since being nominated, Reed’s title no longer indicates internal audit, but past posts have included internal audit manager at AutoZone, where he managed Sarbanes-Oxley compliance, oversaw business process audits, and managed the risk assessment and planning process. Reed has also conducted analytic testing of full population transactional data and executed IT audits. “The ability to understand legacy systems and the capabilities of new technologies is going to be the standard moving forward for internal auditors,” he says. “An internal auditor needs to be able to effectively evaluate a system to determine whether it meets the business’ need.” Future practitioners will need to be well-versed in technology and operations to assess and address risk effectively, he adds, but auditor–client interaction will always be just as important — he says he notices its effect on engagements all the time. Reed cites, for example, his clients’ frequent use of the inclusive pronoun “we,” instead of “they,” when discussing a project. “Little things like that let you know you are having an impact and the business sees you as a true value-add partner.” Outside the office, Reed advocates for St. Jude Children’s Hospital and the American Society for the Prevention of Cruelty to Animals. </p><h2><img src="/2018/PublishingImages/Alan%20Nguyen.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Thanh (Alan) Nguyen, CIA, CFSA, CRMA, CCSA</h2><p> <strong><em>30, Manager, Risk Advisory Services</em></strong><br><strong><em>RSM Vietnam Auditing and Consulting Co. Ltd.</em></strong><br><strong><em>Ho Chi Minh City, Vietnam</em></strong></p><p>Alan Nguyen understands the importance of the big picture. "He always focuses on the key objectives of the clients' departments," says former colleague Tham Ta, an audit staffer at Nguyen Kim Holdings. "He regularly updates his knowledge of not only all areas of his organization's operations, but also of the industry as a whole and of business in general." And that, according to Ta, is why Nguyen adapts quickly and provides effective strategic ideas. Many of those ideas, in fact, have contributed "significant improvements to the organization's governance, internal control, and risk management processes," Ta adds. Nguyen says it's part of the job. "As one of four cornerstones of governance, internal auditors need to improve and reinvent themselves," he explains, "and stay updated on not only trends in the industries they work in, but also on global trends." His motivation for learning is simple. "In Vietnam, internal auditing is new, and the profession is being developed slowly," he explains. "Helping it move forward prompted me to develop myself as a professional." Ta reports that Nguyen works actively as a volunteer to help the elderly, orphans, and the homeless. As a practitioner,  he says tomorrow's auditors will, among other qualities, need to be trustworthy, diplomatic, and patient. They must possess strong interpersonal skills, he adds, as well as the ability to think strategically. Nguyen says their reward will be "a holistic view of operations and processes that affords a perfect opportunity to be someone who knows everything about something, and something about everything." </p><p><br></p><p><img src="/2018/PublishingImages/EL_judges.jpg" alt="" style="margin:5px;" /><br></p>Russell A. Jackson0
Editor's Note: Keys to Succeedhttps://iaonline.theiia.org/2018/Pages/Editor's-Note-Keys-to-Succeed.aspxEditor's Note: Keys to Succeed<p>​The October issue of <em>Internal Auditor</em> is always my favorite issue of the year. In it, we recognize the up-and-coming internal audit professionals who are shaping the profession. These bright, young auditors are passionate about practicing, and advancing, internal auditing. They are innovative, and their positivity and enthusiasm are contagious. </p><p>As this year's Emerging Leaders acknowledge, internal auditors face more challenges, and opportunities, than ever. So, what do they say are the keys to success in this evolving profession? The leaders, perhaps unsurprisingly, identify technology as one key, saying they expect to rely more on technology as their careers progress. In fact, technology skills are already an expectation of auditors. As Ernest Anunciacion of Workiva notes in this month's <a href="/2018/Pages/Integrated-Knowledge.aspx">"Eye on Business,"</a> "since technology plays an increasingly large, fundamental role for companies, auditors must fully grasp what's involved and associated with it." </p><p>Certification is another important way in which this year's Emerging Leaders differentiate themselves. In <a href="/2018/Pages/Certification-Where-to-Begin.aspx">"Certification: Where to Begin?"</a>, Dana Lawrence, a risk consultant with Simple Finance, advises readers to consider which certifications to pursue based on what makes sense for one's career and for one's life. </p><p>Richard Anderson adds to the conversation in <a href="/2018/Pages/Ten-Tips-to-Manage-Your-Career.aspx">"Ten Tips to Manage Your Career."</a> Anderson, clinical professor of risk management at DePaul University and a retired partner of PwC, has served as a mentor to many internal auditors throughout his career. In his article, he offers 10 skills that can help internal auditors prosper in today's work environment — skills such as differentiating oneself from one's peers and creating one's own opportunities. </p><p>Internal Auditor's Emerging Leaders, past and present, are a good barometer of what it takes to be successful in internal auditing. Take, for example, the apps they use. Just for fun, Senior Editor Shannon Steffee asked Emerging Leaders from all the way back to 2013 what apps they use to enhance their work and personal lives. In the InternalAuditor.org online exclusive, <a href="/2018/Pages/Powering-Productivity.aspx">"Powering Productivity,"</a> the leaders share the apps they use for travel and expenses, productivity and organization, bridging language barriers, networking, and personal enjoyment. </p><p>Readers can learn more about the 2018 Emerging Leaders in our <a href="/2018/Pages/Emerging-Leaders-2018.aspx">cover story</a>. Thank you to this year's distinguished judging panel, who rated our candidates in the areas of certification, business acumen, leadership, advocacy, community service, and innovative thinking. </p><p>Congratulations to the 2018 Emerging Leaders!</p>Anne Millage0
Skills for New Practitionershttps://iaonline.theiia.org/2018/Pages/Skills-for-New-Practitioners.aspxSkills for New Practitioners<p>​For today's organizations, it's a sink or swim world. Leaders must keep up with the rapid pace at which their industry is evolving or risk losing out to competitors. Inevitably, this pressure is felt by employees, including internal audit staff — auditors who fail to add value or meet expected standards could easily be seen as expendable.​</p><p>In this climate, having the right skills is more important than ever. But which skills are the most important? Especially for those newer to the audit profession, this can be a difficult question to answer. To help shed light on the topic, we recently asked IIA Vice President of Training and Development Lisa Hirtzinger to share her thoughts on areas of competency entry-level auditors should possess. ​</p><h3>What do you think are the most important success factors for new internal auditors?</h3><p>Knowledge from The IIA's International Professional Practices Framework (IPPF) <em>is key</em>. The IPPF is a wealth of information beyond the <em>International Standards for the Professional Practice of Internal Auditing</em>. It encompasses tools and resources to help implement the <em>Standards</em> (Implementation Guidance) and other tools to leverage regarding how to approach an internal audit of specific topics (Practice Guides/Global Technology Audit Guides (GTAGs)).</p><p>In addition, critical thinking, data analytics, and communication skills are often highlighted as success factors for internal auditors. ​</p><h3>What are the key technology skills for new (non-IT) auditors?</h3><p>Every internal auditor needs to understand technology risk. You don't have to be an expert on the latest technology, or a systems auditor, but you do need to constantly be aware of new technologies and risks; and how almost every process has a technology component or interdependency. </p><p>Perhaps the key skill is to not shy away from technology, but rather embrace it and the information available to break it down for you (knowledge briefs, articles, GTAGs, etc.) ​</p><h3>How important is industry-specific knowledge for new auditors?</h3><p>It depends on your career path; first focus on the fundamentals. Then build on your skills whether industry, technical, or leadership (or a combination). </p><p>It may also depend whether you started your career in internal auditing, or whether you are joining the profession from operations/service. Either way, industry-specific knowledge is critical to enhancing organizational value via your internal audit role. ​</p><h3>How would you weight the importance of soft skills compared to technical skills?</h3><p>Equal – technical is required to be a great internal auditor; and then soft skills make you successful in the environment you operate within (partnering with peers, teaming with co-workers, communicating with stakeholders).​</p><h3>Given the rapid changes in business and technology, how often do you think new practitioners should be updating their skills?</h3><p>Always and continuously. Part of being a great internal auditor is being curious and leveraging resources. You can invest as little or as much time as you have, or as the challenge ahead calls for; but do try to invest time for yourself, for your career development, and for the collective skill level on the internal audit team. There are so many tools and resources available to take advantage of — the important thing is to set aside time to leverage resources before an audit, share what you know with peers during an audit, and apply what you learned to the next audit. </p><p>This leads me to another great factor about our profession, which is knowledge sharing. Don't be afraid to ask others for ideas and input — oftentimes rewarding and engaging conversations follow.   ​</p><h3>Are recent graduates expected to have some training before they're hired, or is it assumed most or all learning will occur once they start the job?</h3><p>Internal auditing is such an exciting opportunity and career because of the wide exposure we have within organizations. Many organizations have wonderful onboarding and/or internship programs.</p><p>At the end of the day, required experience depends on the organization, but more often than not internal audit functions are looking for talent with competencies such as process improvement and root cause analysis. They're also seeking change agents, critical thinkers, and good communicators, as well as those without fear of technology.​</p><p>If you really want to set yourself ahead of the competition, consider preparing for the Certified Internal Auditor (CIA) exam, which assesses the skills foundational to the profession.</p><h3>For those entering the profession from other fields, what types of competencies are generally sought after?</h3><p>Industry knowledge, business acumen, process improvement, risk management, lifelong learning, and a willingness to pair that knowledge with internal audit processes.​</p><h3>How important do you think an understanding of the business is for new practitioners?</h3><p>Absolutely critical, and yet don't expect yourself to understand it all the first day, week, month, or year. At a minimum, ask questions about your organization's strategic plan and objectives so you can always link the audit you are working on to the bigger picture.</p><p>Each audit provides an opportunity to learn more, connect more dots, meet new people at the organization, benchmark compared to other organizations, and find additional information and resources. The key is to be open to always adding to your knowledge and be able to apply that specifically to your organization in order to enhance value. ​</p><h3>For new auditors who aspire to higher level positions, what is the best way to start moving up the ladder?</h3><p>One way to get started is to show initiative, whether by taking on additional roles, or being open to learning and feedback. In addition, I would recommend getting certified, as it lends credibility that you've been assessed on your competencies and are maintaining the designation/knowledge. ​</p><h3>Is there a rule of thumb you'd advise for the amount of time new practitioners should devote to professional development?</h3><p>The rule of thumb is simply to do just that: devote time to professional development — you determine how much and what type. It is not about achieving or limiting yourself to a specific number of CPE credits; rather it is about your career path and growing your skills and value. Continuous knowledge is critical to your success as an internal auditor. We live in a rapid pace of change, and our knowledge needs to keep up to ensure we are delivering value in real-time.</p><p>There are many ways to gain skills, whether by networking, taking advantage of knowledge resources, finding a mentor, attending professional development opportunities (online or in person), etc. The important thing is to set a goal and have a plan. It can be as simple as ensuring you read two new articles that spark ideas each week (one technical and one soft skill), or as rigorous as preparing for the CIA exam. The opportunities are endless, but failure to focus on professional development will leave you behind your peers.</p>Staff1
Producing Quality Audit Reportshttps://iaonline.theiia.org/2018/Pages/Producing-Quality-Audit-Reports.aspxProducing Quality Audit Reports<p>​The audit report represents the end result of weeks of reviews, analyses, interviews, and discussions. It provides important information to audit clients about the area reviewed by internal audit. More importantly, it provides details to management about significant issues that need to be addressed. How well internal auditors communicate that information is critical to getting their client’s acceptance of findings and their agreement with audit recommendations. </p><p>Quality reports require thought and effort. Auditors should consider who will read the report, what they will do with it, what level of detail is necessary, what the organization’s culture and norms call for, and if industry-specific language is necessary. IIA Standard 2420: Quality of Communication says communications should be accurate, objective, clear, concise, constructive, complete, and timely.</p><h2>Accuracy</h2><p>Inaccurate information could adversely impact the credibility of the entire audit report, so accuracy is critical. All of the numbers should be correct, the information should be factual, and documentation verifiable. There may be disagreement on what the numbers or facts mean, but there should never be an argument about their accuracy. </p><p>Accuracy is enhanced by appropriate supervision of the audit engagement. The IIA’s <em>International Standards for the Professional Practice of Internal Auditing</em> requires adequate supervision of engagements, and part of that includes verification of numbers and facts. Accurate and precise information lessens the chance of a misunderstanding.</p><h2>Objectivity</h2><p>Objectivity is the second most important quality behind accuracy. If readers feel that the report is not objective, it could undermine the confidence they have in the report. And while the report may be objective, the subtle use and placement of certain words can appear to show bias. This can be crucial to whether the reader accepts the auditor’s conclusions and recommendations. </p><p>Objective words are precise. They speak to the facts and can be supported by evidence. Biased words are subject to generalization and distortion of information. For example, the statement, “Very confidential files were just stuck in a drawer where anyone could get to them,” is biased and opinionated. A more objective statement would be, “Confidential files were stored in an unsecure drawer to which unauthorized personnel had access.”</p><p>Reports must be clear enough for readers to understand without having to refer to anything else. Language should include precise modifiers and clear technical terms.</p><p> <strong>Precise Modifiers</strong> A modifier is a word or phrase that alters the meaning of another word. Generally, the modifying word should be as close as possible to the word it is modifying. Otherwise, the modifying word could attach itself to a word that was not intended to be modified. This can subtly alter the meaning of the sentence or make it ambiguous. </p><p>For example, see how the placement of the word almost changes the meaning of the sentence: “The plane almost failed every inspection” vs. “The plane failed almost every inspection.” The first sentence leads readers to believe that the plane passed every inspection, whereas the second sentence indicates that the plane rarely passed any inspection.</p><p> <strong>Clear Technical Terms</strong> Auditors should consider spelling out acronyms, replacing technical terms with nontechnical words, and embedding definitions within the sentence. For example, “The audit department uses the COSO framework, a comprehensive list of controls, as a standard for controls and risks.”</p><h2>Conciseness</h2><p>Readers always appreciate conciseness, but it should not mean cutting down on information. It means using fewer words to convey the same information. Some things that impact conciseness include drawn-out verbs, overstated language, and redundant modifiers.</p><p>Drawn-out verbs turn verbs into noun phrases. They often, but not always, contain a noun with the “tion” ending and require a preposition. In most cases, the phrase can be replaced with one word. For example, “Make a determination of …” can be replaced with the word “Determine.” And “Perform a verification of …” can be replaced with “Verify.” Replacing the words conveys the same information with fewer words. </p><p>Overstated language uses longer, more complicated words where simpler, shorter words will do. For example, “Due to the fact …” can be replaced with “Because.” And “In order to …” can be replaced with “To.” Again, this doesn’t detract from the information. </p><p>Redundant modifiers turn a simple adjective into a long phrase. For example, the phrase, “In the month of May …” can be replaced with the words “In May ….” And the phrase, “On a daily basis …” can be replaced with “Daily.” </p><h2>Constructiveness</h2><p>Constructiveness primarily refers to the audit recommendations, which should give audit clients information to correct the current problem and also address the root cause so as to mitigate future occurrences. For example, departmental procedures call for inventory to be reconciled monthly. The audit determined that there were three months that did not get reconciled, and the manager explained that the person who normally does it was on sick leave and had no backup. In the audit report, the recommendations read:</p><p> <span class="ms-rteStyle-BQ">“The inventory manager should review the three months of inventory to ensure its accuracy. Further, the manager should cross-train another person in the department to serve as a substitute when the primary person cannot reconcile the inventory account.”</span></p><p>The recommendation addresses the three months that were not reconciled, the root cause, and cross-training another employee to ensure this does not happen again. </p><p>Giving management information to correct the problem and keep it from happening again adds to the quality of the report and shows how audit adds value to the organization.</p><h2>Completeness</h2><p>Everything the reader needs to make an informed decision should be included in the report, and no significant information should be left out. The auditor must not omit valid information because it does not support his or her points. Present all the facts and allow the reader to decide.</p><p>Standard 2410 states, “Communications must include the engagement’s objective, scope, and results.” So, the report is not complete without the reason for the audit, the final conclusion based on the evidence reviewed, and the amount of evidence reviewed to come up with the conclusion.</p><h2>Timeliness</h2><p>Auditors should complete and issue reports as soon as possible to give the audit client a chance to address the issues timely. Timeliness may vary based on things like the audit resources needed to complete the audit, the complexity and significance of the audit, the report review process, and other factors. </p><p>If serious issues need to be communicated before the report is completed — such as customer or employee safety or significant loss of assets — the auditor should immediately issue an interim report or memo to allow the client the opportunity to address the problems as soon as possible. The interim report or memo can be referenced in the final report.</p><h2>Valued Reports</h2><p>An audit report must be accurate and objective; flexible enough to communicate sometimes complex information to various levels of people; and able to withstand the scrutiny of peer reviews and other assessments, depending on the industry. A quality audit report aids audit clients in making informed decisions, so taking the time and effort to put it together benefits the audit client and auditor. </p>Jonnie T. Keith1
When the Wheels Come Off an Internal Audit, the Culprit Is Usually Poor Planninghttps://iaonline.theiia.org/blogs/chambers/2018/Pages/When-the-Wheels-Come-Off-an-Internal-Audit-the-Culprit-Is-Usually-Poor-Planning.aspxWhen the Wheels Come Off an Internal Audit, the Culprit Is Usually Poor Planning<p></p><p><img src="/2018/PublishingImages/Truck%20with%20wheel%20coming%20off.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />In my role as president and CEO of The IIA, I meet and converse with internal auditors around the world. It's gratifying to hear abou​t their successes, and important to learn about their challenges. In this week's blog post, I want to share with you some of the things I've heard when internal audits go bad. My hope is that, by talking about our mistakes, we can correct our course and prevent future problems. </p><p>In general, most issues that arise when the wheels come off during internal audits stem from a single root cause: inadequate engagement planning. It can be tempting to cut engagement planning short, especially when we're still trying to wrap up the last audit. But when we resort to shortcuts, the results can be disastrous. In the words of Benjamin Franklin, "By failing to prepare, you are preparing to fail." </p><p>Here are just a few examples of how things can go south when internal auditors fail to adequately plan:</p><ul><li>I recently heard about an internal audit that got off to a disastrous start simply because the auditors didn't explain to the client during the planning phase why they were coming and what they hoped to accomplish. To be sure, they had intended to detail the audit objectives and process at the beginning of fieldwork, but before they could do so at the kickoff meeting, their nervous new client was already in a defensive meltdown mode.  <br></li><li>Another internal audit department was proud that it gave clients plenty of notice about upcoming engagements – six full months ahead of time, in fact, when the annual plan was approved. But when the team flew in for fieldwork in Europe, the client wasn't there. Once again, the problem turned out to be poor communications during the audit planning stage. The engagement supervisor failed to check back with the client in the weeks immediately before the audit, and the client simply forgot about the upcoming engagement.  <br></li></ul><ul><li>Last year, I heard about an internal auditor who reviewed the results of a previous internal audit during the planning phase, but did not consider the work of other assurance providers. Testing was well under way when the exasperated client pointed out that the compliance department and regulators had both reviewed the exact same things a month earlier — and that neither had noted any problems. Naturally, there were some red faces in the internal audit department.<br></li><li>If you've stayed at a hotel two hours away from your client's location because you postponed making reservations until nearby hotels had no vacancies, you're not alone. If you've ever spent a weekend driving to a distant audit location because you waited a little too long to reserve a flight, you're not alone in that, either. "Didn't anybody arrange for a rental car?" "Wasn't somebody supposed to reserve a conference room?" "When do you think we can get access to the system?" I often hear of logistics problems that could be avoided simply by starting planning a little earlier and by using a checklist to help ensure details are not overlooked.</li><li>The most common "rookie" planning mistake is simply failing to ask for advice or help when it is needed. I have known several internal auditors who tried to go it alone when they did not have the knowledge or skills necessary to perform parts of an engagement. I have known others who tried to avoid the problem by eliminating audit procedures that should have been performed. Both approaches can lead to poor outcomes, yet a simple conversation with a supervisor might have solved the problem easily. For example, a new internal auditor might have been partnered with someone who knew more about the organization, an auditor reassigned to make better use of his or her individual knowledge and skills, or training might have been available. </li><li>Two internal auditors on one of my teams once found evidence of significant problems in a process under review. After weeks of testing, they shared their results with the client. The client told them that he was aware of the issue, which was why a decision had been made several months earlier to discontinue the process. New equipment was already on order. If, during the planning phase, the auditors had inquired about operations that might be changing in the future, they could have saved themselves weeks of work.</li><li>Another team of internal auditors did not learn until the start of fieldwork that a new technology had already been implemented. Unfortunately, the assigned auditors were not qualified to review the new technology, so they canceled the engagement and rescheduled an audit for the following year. But the worst was yet to come: Due to a staffing change, nobody told the next year's engagement supervisor about the canceled audit. Once again, audit planning was minimal; once again, the wrong auditors were assigned to the review; and once again, the audit had to be canceled ​after it had begun. I'm told that the client's reaction was "memorable."<br></li></ul><p>Each of these situations reflected poorly on internal audit, frustrated the internal auditors and the clients, and illustrated the type of inefficiency and ineffectiveness that internal auditors are supposed to prevent, not foster. But, in some cases, we may not be aware of the extent to which poor audit planning damages our reputation and our ability to add value.</p><p>One of the senior staff members in The IIA's Quality Services department recalled an internal audit function that did not include a planning phase in its audit engagements. The internal auditors had used the same work programs for years, basically repeating the same audits over and over with little client interaction. The internal auditors were good at staying on schedule, but because their audit reports always read the same, they did not address specific client concerns. So, most of the findings involved relatively minor errors or oversights. The outcome? The clients had a very low opinion of the internal audit function and stated that they did not believe it added value. </p><p>Audit planning is an investment, but it is an investment that can pay big dividends in terms of improved credibility and relationships with our stakeholders. It is also our best opportunity for improving audit effectiveness. That's why world-class internal audit functions plan, plan – and then plan some more.</p><p>These are just a few of the things that can go wrong when internal audits are not properly planned. I'm sure you have other examples. Keeping in mind that The IIA's motto is "Progress Through Sharing," I'd welcome your comments.</p>Richard Chambers0
I Was Right All Alonghttps://iaonline.theiia.org/2018/Pages/I-Was-Right-All-Along.aspxI Was Right All Along<p></p> <p>I used to play a lot of chess. I was never very good. My U.S. Chess Federation ranking hovered around 1200. In other words, not only did Bobby Fischer have little to worry about, neither did my cousin, my friends, and even, on particularly bad days, my dog. But that didn’t stop me.</p><p>Like the serious chess players, I spent interminable amounts of time with my head bowed over the board pondering each move. It didn’t help much. But I continued to do it because protocol dictated that I sit perfectly still ruminating, contemplating, deliberating, cogitating, and in general, looking the part of the keenly focused chess genius.</p><p>All these years later, I finally realized one of the roots of my failure. My thinking process was skewed. Rather than exploring alternatives and focusing on the impact of each move, I was spending foot-pounds of mental energy proving to myself that my initial gut feelings were correct. If my first thought was to move my king’s knight to Q4, then I would look for everything I could to support that decision — even if I noticed the queen bishop’s pawn could indiscriminately destroy said knight.</p><p>In psychology and cognitive science, this tendency is known as confirmation bias. And auditors fall into the trap as easily as anyone else. No significant findings will emerge because the data shows the audited department is meeting all its key performance indicators. The prime suspect for committing fraud is the administrative assistant because he is implicated in the initial referral. The audit will reveal significant issues for the department because all previous reviews have included significant issues. We don’t need to talk to the client about correcting the identified issues because the solution is obvious. </p><p>Looking at these examples, confirmation bias seems obvious. But it can sneak up when we least suspect it. Take, for example, conducting interviews. Many experts say people develop their first impressions about someone within as little as 30 seconds. In fact, one study, conducted in 2006 by psychologists Janine Willis and Alexander Todorov, found they occur in one-tenth of a second. That’s how quickly confirmation bias can take hold, potentially clouding any subsequent facts or evidence that may arise from the interview process. </p><p>When we are knee-deep in audit work — when time constraints, budget issues, and the pressures of just getting things done loom over our heads — we take shortcuts. Shortcuts are not necessarily harmful or disadvantageous. Often, gut feel is really just another term for experience. But we have to recognize the shortcuts and take time to ensure our gut reactions are not rooted in confirmation bias.</p><p>One of the keys to critical thinking is to take that extra time and to make sure we are thinking about how we think. The last thing we want to do is sacrifice a knight just because it was the first move we saw. ​</p>Mike Jacka1
Women at the Tophttps://iaonline.theiia.org/2018/Pages/Women-at-the-Top.aspxWomen at the Top<p></p><p>T​here is a gender gap in internal audit positions that grows wider with each step up the corporate ladder, according to the Internal Audit Foundation’s 2015 Global Internal Audit Common Body of Knowledge (CBOK) Practitioner Survey. At the staff level, women hold 44 percent of the positions; at the management level, they represent only 34 percent. When it comes to the top rung — chief audit executives (CAEs) — the gap is wider still, with women holding 31 percent of those positions at publicly held companies. </p><p>The CBOK study suggests a couple of factors that may indicate this imbalance is a numbers game. First, there are not as many women in management and executive roles simply because many women leave the workforce for other priorities. Another factor may be timing. Many women who are now eligible for higher positions entered the workforce decades ago, when fewer women worked outside the home — hence, the talent pool is smaller. </p><p>But is the causality behind the gender gap that simple? The survey indicates that women possess a significantly lesser amount and depth of formal education, business-specific training, and professional certification than men. And women’s parental obligations make it difficult for many of them to accommodate the travel demands and long work hours that accompany advancement in the profession. They often are perceived as less competitive, ambitious, and adept at organizational politics — perceptions that may have more to do with traditional roles than reality. </p><p>Collectively, women may feel the deck is stacked against them as they strive to advance to the top of the profession, but some have played their cards right. Here are six women who have beaten the odds.​</p><h2> <img src="/2018/PublishingImages/Liz-Dantin-Franklin.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" /> </h2><h2>Liz Dantin Franklin<br></h2><p> <strong>Chief Audit Officer</strong><br><strong> Fidelity National Financial Inc.</strong><br><strong> Jacksonville, Fla.</strong> </p><p></p><p>Although Liz Dantin Franklin’s résumé reflects just two employers — a public accounting firm where she started as a staff auditor and Fidelity National Financial — she has weathered a sea change in how women are perceived in the workplace. “In 1989, the year I started, only two of the eight hires were women,” she recalls. ​As time went on, women became a bigger proportion of those hired and firms started focusing on retaining them. </p><p>Although now she can laugh at some of her adventures in traveling globally while pregnant, less pleasant are the memories of being expected to set aside her gender to compete in a man’s world (see “Achieving a Balance” below​). “When I was put up for partner, someone I worked for told me I had better not show up pregnant during the selection process,” she says. It was already too late. She hid her pregnancy as long as possible, but the evidence soon showed. She made it to the last round of cuts but was told she was being deferred two weeks before the new partners were announced because of reductions in the number of partner admittances that year. “I will never know what the real reason was for being deferred,” she states. “But having a child may have interfered with their plans.”</p><p>Franklin’s skills positioned her favorably for advancement. She cites communication, technical skills, and flexibility as especially helpful in her move up the ladder. Being able to communicate with people at all levels of the organization and to apply her knowledge of internal audit and internal controls were key, while being flexible showed her “willingness to be available to accommodate client requests, as needed,” she says. </p><p>Flexibility was in evidence in the partner track, which necessitated multiple relocations, made possible only by a husband who set aside his career to be a stay-at-home father. But, when a seventh relocation was requested, she took an offer from Fidelity National Financial instead. </p><p>Today, Franklin mentors younger employees, urging them to focus on what they do well and to become adaptable. She encourages them to find a champion to show them opportunities and guide their experiences. And she advises not being afraid to take chances. “When I make a decision, I don’t look back,” she says. “Do your best and be confident that you have enough skills to make it work.”​</p><h2 style="text-align:right;">Brandi Thomas​<img src="/2018/PublishingImages/Brandi-Thomas.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" /></h2><p style="text-align:right;"> <strong>Vice President, Corpora​te Audit</strong><br><strong> Delta Air Lines</strong><br><strong> ​ Atlanta</strong></p><p>As a black female, I don’t always receive the instant respect and credibility that others do,” Brandi Thomas says. “I have shown up at industry events and had someone ask me to bring them another drink.” Thomas is accustomed to being “the only” in the room — the only woman, the only person of color. Perhaps that is why “Get up” is her mantra. “That’s what I do,” she explains. “I always get up to fight another day.” </p><p>Thomas is convinced that diversity is important in internal audit because of the function’s broad charter. “Audit is both art and science,” she says. “Without diversity, it is easy to get caught up in only the science.” She also notes the positive impact of diverse candidates seeing people who look like them successfully navigating leadership positions. </p><p>Although Thomas provides that role model for internal auditors, her career nearly took a different turn. She began college in a pre-med program. One physics class later, she knew she was in the wrong field. After graduating with a degree in finance, she went on to hold mostly audit and controllership positions — a background that gave her “an appreciation for the business implications of audit findings and for how to write and speak like a businessperson, not an auditor,” she says. </p><p>But business focus is not enough. Thomas considers caring a key factor in her success: caring to deliver the best product she could, to respect those around her, and to help those coming after her. She notes this attitude is a strength many women bring to internal auditing. “I feel a responsibility to my company to make sure we are highlighting the right risks and truth-telling about the status of those risks,” she says. “Even if the ultimate message is not popular, I try to make sure no one is caught off guard.”</p><p>Given Thomas’ success, that college physics class was fortuitous. “Looking back on my career, I can see that I was always trying to move on from audit, but audit kept finding me,” she says. “Today, I think it is the coolest job on Earth.”​​</p><h2> <img src="/2018/PublishingImages/Kelly-Gauger.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" /> </h2><h2>Kelly Gauger</h2><p> <strong>Vice President, Audit Services</strong><br><strong> CenterPoint Energy Inc.</strong><br><strong> Houston</strong></p><p>Kelly Gauger followed a roundabout path to her current position. Starting in external auditing for a public accounting firm, she transitioned from auditor to clie​nt, doing financial reporting and accounting in various manufacturing environments.</p><p>In 2001, Gauger joined CenterPoint Energy, managing U.S. Securities and Exchange Commission reporting until she was promoted to director of accounting, overseeing both “normal” and regulatory accounting for the business. “Regulatory accounting and reporting are very unique skills,” she explains. “However, gaining knowledge and experience in this area really enabled me to learn the business and helped position me for my current role.” She considers her transition to the internal audit role in 2012 as “a logical progression.”</p><p>While Gauger acknowledges that women are sometimes challenged in the workplace, she considers herself fortunate. She has observed instances of favoritism over the years, but says she has never experienced it personally. “If you stay true to yourself and always strive to exceed your own expectations, the opportunities and recognition will come,” she says. “I also believe that operational roles and certain industries are more prone to gender inequality in the workplace, compared to roles in the corporate arena.”</p><p>Gauger regularly mines her own experience to provide her audit team career guidance such as:</p><ul><li>Never turn down an opportunity that comes along. It may not be an assignment you planned, but it could turn out well.<br></li><li>Attend roundtables and conferences and learn from CAEs you meet there.<br></li><li>Establish strong, ongoing relationships with stakeholders such as the audit committee chair, senior management, and key clients.<br></li><li>Never stop learning. Internal auditing is changing fast. “You can become part of it or become obsolete,” Gauger says. In fact, adaptability is what she looks for in her staff. “What I looked for 10 years ago is completely different from what I need now.”<br></li><li>To earn promotion, shift from doing to managing. “Learn how to delegate,” she says. “You can’t set strategic direction when you’re down in the weeds.”<br></li></ul><p> <br> </p><p>Gauger acknowledges that she learns as much from her team members as she teaches them. “I advise building a strong team and empowering them,” she says. “You are only as good as they are.”<br></p><h2 style="text-align:right;">Mary-Margaret Henke<img src="/2018/PublishingImages/Mary-Margaret-Henke.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" /></h2><p style="text-align:right;"> <strong>Senior Vice President, ​</strong><strong>General Auditor</strong><br><strong> Western Union</strong><br><strong> ​Englewood, Colo.</strong></p><p>Mary-Margaret Henke attributes her rise to her current position to the “80-20 rule.” In her experience, 80 percent of the time invested in moving up the career ladder is focused on three things: 1) hard work, which encompasses technical knowledge and soft skills; 2) getting and leveraging a champion; and 3) luck. “I have found that if you have the first two things, you markedly improve your chances of having the third,” she says.</p><p>For Henke, hard work began with 10 years at PwC, then continued with progressively more responsible roles at CoBank, Janus Capital Group, and Western Union. Along the way, she added skills in preparing and auditing financial statements, implementing U.S. Sarbanes-Oxley Act of 2002 compliance programs, and leveraging IT. When the CAE role opened at Western Union, she had the support of two key individuals and got the job. “I had worked hard for the chief financial officer and controller, so they championed me,” she explains. “Luck came into play when the person previously holding the position left.”</p><p>Her success had its challenges. A self-described “tightly wound Type A personality,” at first, she came across to clients, bosses, and co-workers as too aggressive. She does not know if she was judged this way because she is a woman, but she acknowledges that it was true. “I would drive action too quickly because that’s my nature,” she explains. But that does not mean assertiveness is wrong. “You need to be assertive in an intentional way,” she says. “The ‘best of me’ is a person who balances my assertiveness with stopping, listening, and obtaining more information before driving ahead.” </p><p>Henke does not regret her mistakes. They have helped her improve what she considers to be one of women’s innate skills — a reliance on nuance rather than brute force. For her, the bottom line is, “Do you only want to be right or do you also want to be effective?” </p><p>This viewpoint is especially important in internal audit. Hence her strong support of diversity in the profession. “I need the different perspectives that diversity enables,” she says. Henke will take the insights she gained as a CAE into her new role as Western Union’s senior vice president of corporate applications, governance, and transformational programs.​</p><h2> <img src="/2018/PublishingImages/Yulia-Gurman.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Yulia Gurman</h2><p> <strong>CAE</strong><br><strong> Packaging Corporation of America</strong><br><strong> Lake Forest, Ill.</strong></p><p>As a Russian national and international student, kickstarting a career in the U.S. had additional complexities for Yulia Gurman: English is not her first language and finding a first job necessitated certain legalities. “Some companies do not wish to do visa sponsorships,” she explains, a challenge she overcame by networking. “I became active in campus accounting groups and made contacts in the accounting firm that ended up hiring me.”</p><p>After a few years in the accounting firm, she joined OfficeMax as a senior internal auditor. Not long after she became OfficeMax’s director of internal audit, the company merged with Office Depot and relocated its headquarters. Gurman, with two small children, declined the move and joined Retail Properties of America in a position that enabled her to create the internal audit department from scratch. Three years later, she landed her current position at the Packaging Corporation of America. She notes, “I was looking forward to the next challenge in my career. This was a perfect fit.”</p><p>But the new job had its adversity. Frequent changes in leadership within internal audit and the company’s executive team required her to adapt to the new individual’s style and priorities. Filling her team with the necessary talent in a competitive market also proved difficult. “I could overcome that by tapping into a student network we formed by connecting with universities,” she explains. “We promoted the company to them and captured their interest by sharing the great things our team accomplishes.”</p><p>Gurman advises women seeking to advance their careers to build a network and seek out mentors. Case in point: The person she replaced in the CAE position was the vice president who hired her for her first internal audit job at OfficeMax. He supported her candidacy for the company’s CAE position.</p><p>Gurman also urges women to get involved in high-profile projects, even if they have nothing to do with internal audit. “They give you a chance to show people what you are capable of doing,” she says. In her view, women have the same opportunity as men to become a CAE, but they must take control of their own career, even when it is not easy or pleasant.​</p><h2 style="text-align:right;">Jenitha John<img src="/2018/PublishingImages/Jenitha-John.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" /></h2><p style="text-align:right;"> <strong>CAE</strong><br><strong> FirstRand Bank</strong><br><strong> ​Sandton, South Africa</strong></p><p>Jenitha John credits a good road map for her success ​in reaching many personal and professional milestones over the past two decades. “I have three mottos that have shaped my journey: persistence pays profits, competence creates confidence, and setbacks sow setups,” she says. </p><p>John has needed each of those signposts over the course of her life — starting well before she entered the workplace. “I grew up extremely poor and lost both my parents at a very young age,” she explains. “This meant learning how to fend for myself during my teenage years. It was a catalyst that drove me toward my goals.” </p><p>John’s career was built in different industries and economic sectors — Toyota, Eskom, Telkom, Discovery, and now FirstRand — as she held audit and accounting positions and served as a nonexecutive director. She also completed a senior executive program at Harvard Business School and earned various professional certifications.</p><p>The path to success was not always smooth. John acknowledges the gender disparities. “Most industries I operate in are still patriarchal,” she says. “All jobs in the organization are still predominantly male, including my existing job.”</p><p>Despite such challenges, John is convinced women have the emotional intelligence and resilience to overcome all hindrances — to “wake up, dress up, and show up.” And she stresses the importance of diversity in business and internal audit. As organizations transform to respond to changing risks, internal audit must keep pace to reinforce its position as partner and advisor — a goal that John says depends on a diverse mix of skills, experiences, and perspectives.</p><p>Her commitment to harnessing diversity goes beyond internal audit, as she spearheads FirstRand’s “Let’s Connect” program. “The program is focused on learning about the differences among people, so we can effectively access and connect with the organization’s talent,” she explains. “We seek to embed Stephen Covey’s philosophy: ‘Strength lies in differences, not in similarities.’”</p><p>One of John’s favorite mementos is a text she received from a staff member because it reminded him of her. “The text included sentiments like: When it’s something you truly wish to do, there’s a way to get it done. If you don’t know how, you can learn. If you don’t have time, examine your priorities. If it seems too overwhelming, start with a tiny first step,” she recalls. “It made me feel special to know I had influenced someone’s aspirations. It’s how I’ve lived my life.”</p><h2>The Reward Is Out There</h2><p>To reach the top of their profession, these six women have expanded their skills, worked long hours in a variety of assignments, navigated the choppy waters of organizational politics, and learned to accept occasional failure as part of the game. They did not do it on their own. Each of them points to how mentors helped them improve their skills, told them hard truths, steered them around pitfalls, and encouraged them to pursue opportunities. </p><p>These audit leaders also recognize that some of the qualities generally attributed to women — empathy, communication, and ability to reach compromise and build consensus — have served them well in their careers. And they have hope for women pursuing the profession’s top spot: Most see the gender gap narrowing. For women who are climbing the internal audit leadership ladder, the reward is out there, but it must be earned.  </p><p></p><table cellspacing="0" width="100%" class="ms-rteTable-4"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;"><p>​​​<strong>Achieving a Balance</strong></p><p>A common theme underscored anecdotally by the women featured in this article and statistically by the CBOK Practitioner Survey is the challenge to balance professional and personal obligations. Women’s commitments as spouse and parent make it difficult for them to meet all the expectations, real or perceived, of a rising executive.</p><p>Balancing work with being a wife and mother can be heart-breaking, Jenitha John says. “Living with the guilt of basically outsourcing the kids was unbearable,” she recalls. “My kids were fortunate to have nannies, tutors, and au pairs to assist at home, but I felt guilty having to have help and juggle a career.” </p><p>Liz Dantin Franklin agrees, “Of course, family was always a consideration,” she says. “Women tended to get married and have children about the time they became senior auditors.” But, while daunting, managing work/life balance is not impossible. Franklin points out that she achieved partnership in the accounting firm where she worked while having a family. </p><p>The responsibilities of home and family teach valuable lessons, Yulia Gurman says. “I had a boss say to me, ‘You’re a mom. You know how to deal with kids. I know you will be able to deal with challenges here at the office successfully,’” she says. “In my experience, working mothers are valued and their need to balance home and work is accommodated, as long as they meet the expectations of the job.”</p><p>John managed to create an equilibrium that worked for her by “introducing non-negotiables and jealously guarding my time spent with my family.” For example, despite having tutors, she signs off on the homework diary before bed and she regularly attends school concerts and sport matches. </p><p>As the percentage of women in the profession grows, their rising influence could help balance professional and personal obligations for all internal auditors. As Gurman notes, “Certain responsibilities cannot be delegated. You have to figure out how to make it work. It’s all about flexibility, but you need support from the top.”</p></td></tr></tbody></table>Jane Seago1
Are You Secure?https://iaonline.theiia.org/2018/Pages/Are-You-Secure.aspxAre You Secure?<p></p> <p>Nearly every internal auditor will experience political pressure at some point during his or her career. The situation may involve a request to bury audit findings, threats of retribution for perceived disloyalty, or even physical intimidation. In a worst-case scenario, escalation could lead to loss of employment. Nonetheless, practitioners must be willing to meet these challenges, deliver tough messages when necessary — even if it means risking damage to their career — and position themselves to withstand the discomfort and distress. In other words, auditors need to establish a foundation of security, both personal and professional, to weather tough political times. </p><p>To be clear, security should not be confused with complacency. The IIA’s <em>International Standards for the Professional Practice of Internal Auditing</em> sets high expectations for internal auditors, and those expectations should be met by all practitioners. Internal auditors have a duty to both the profession and themselves to perform to their fullest capabilities and deliver value to stakeholders — both of which are accomplished through hard work and professional competency. Security underpins these efforts, bolstering them with support systems, contingency plans, and a reliable safety net. </p><p>Although specific needs will vary, internal auditors can achieve security — both professional and personal — in several ways. Professionally, auditors can increase their peace of mind by obtaining credentials such as the Certified Internal Auditor, familiarizing themselves with the latest best practices, maintaining a network of colleagues for mentorship and camaraderie, and con​tinuously striving to improve. Moreover, practitioners can reinforce their professional development efforts by making sure they enjoy and take pride in what they do and remain grateful for the opportunity to serve the organization.</p><p>Personal security is achieved largely through financial planning efforts. The topic has been addressed in many books and research studies and should be a priority for anyone, regardless of profession. Simply stated, internal auditors, like anyone else, must attain financial security through the practice of lifelong, disciplined saving and investing. Basic steps include ensuring access to cash for life’s emergencies, minimizing or eliminating debt, saving a percentage of one’s income every month, and maintaining savings to cover monthly living expenses over a reasonable time horizon (i.e., a “rainy day” fund).</p><p>Internal auditing is not an easy profession — practitioners are expected to perform high-quality, value-added work while maintaining integrity and withstanding adversity. But we are also human, and subject to the influence of political pressure. How might your approach to audit work be different if you had adequate savings, no debt, and a robust professional network? The less political pressure plays a role in audit decision-making, the better the outcome for practitioners, stakeholders, and the organization.  </p>Steven L. Leiger1
A Standard of Performancehttps://iaonline.theiia.org/2018/Pages/A-Standard-of-Performance.aspxA Standard of Performance<p></p><p>Stakeholder pressure on internal auditors has never been greater. In today’s dynamic business world, internal audit is called on to ensure businesses around the globe conform to a wide range of legislation and regulation; to provide tactical and strategic insight and foresight into their organization’s performance; and to get ahead of the curve on emerging technologies and social trends. And, in fact, the list could go on. Professional internal auditing is based on The IIA’s <em>International Standards for the Professional Practice of Internal Auditing</em>, which is part of the International Professional Practices Framework. Taken together, these guiding and mandatory principles provide internal auditors the tools to effectively serve their organizations and provide stakeholders confidence that their internal audit team is functioning at the highest possible standards of professionalism and skill. The <em>Standards</em> underpin the work that we do every day. Whether auditors are performing a basic audit, providing assurance, giving advice and insight, or doing a consulting assignment, they need to adhere to certain professional behaviors — just like those followed by doctors, lawyers, accountants, and others. </p><table cellspacing="0" width="100%" class="ms-rteTable-default"><tbody><tr><td class="ms-rteTable-default" style="width:100%;">​ <style> p.p1 { line-height:12.0px; font:14.0px 'Interstate Light'; } p.p2 { line-height:12.0px; font:42.5px 'Interstate Light'; } p.p3 { line-height:12.0px; font:9.0px 'Interstate Light'; } p.p4 { text-indent:-12.0px; line-height:12.0px; font:9.0px 'Interstate Light'; } p.p5 { text-indent:12.0px; line-height:12.0px; font:9.0px 'Interstate Light'; } span.s1 { vertical-align:1.5px; } span.s2 { letter-spacing:-0.1px; } </style> <p> <strong>The </strong> <em> <strong>Standards</strong></em></p><p>The IIA’s <em>International Standards for the Professional Practice of Internal Auditing</em> are principle-focused and provide a framework for performing and promoting internal auditing. The <em>Standards</em> are mandatory requirements consisting of:</p><p>Statements of basic requirements for the professional practice of internal auditing and for evaluating the effectiveness of its performance. The requirements are internationally applicable at organizational and individual levels.</p><p>Interpretations, which clarify terms or concepts within the statements.</p><p>Auditors must consider both the statements and their interpretations to understand and correctly apply the Standards. The Standards use terms that have been given specific meanings as noted in its Glossary.</p><p>The International Internal Audit Standards Board released a revision to the Standards, which came into effect Jan. 1, 2017. For the full text of the IIA Standards, visit <a href="http://www.theiia.org/standards" rel="nofollow"> <span class="ms-rteThemeForeColor-1-0">www.theiia.org/standards</span></a><span class="ms-rteThemeForeColor-1-0">.​</span></p></td></tr></tbody></table><p>Professional internal auditors must live and breathe the fundamental values enshrined in the <em>Standards</em>. Those values should be crystal clear to everyone in an internal audit function. The theme I’ve chosen for my term as 2018–2019 chairman of the IIA Global Board of Directors, “Emphasize the Basics — Elevate the <em>Standards</em>,” offers a fundamental way of both connecting with our stakeholders and providing the most solid, relevant internal auditing possible.</p><h2>Setting and Meeting Expectations</h2><p>The <em>Standards</em> provide consistency in audit practice, guarantee the quality of whatever audit assignment is undertaken, and help the chief audit executive (CAE) align stakeholder expectations with the actual services the audit function provides. Auditors may need to educate stakeholders about what to consistently expect from internal audit and then deliver it — a process the Standards greatly enable. </p><p>The <em>Standards</em> help ground the independent nature of internal audit as it operates as the third line of defense in conjunction with management and the various second line risk and compliance functions. Independence guarantees internal audit’s effectiveness. If there is uncertainty about the facts surrounding a particular initiative, for example, or different parts of the business are in dispute, internal audit can be relied on to provide an independent and objective view on the matter at hand. For example, I was recently involved in reviewing an integration project to bring two large organizations into one legal entity. Not only did the board’s audit committee ask internal audit to stay very close to the merger, but the regulator asked internal audit to keep it abreast of what was happening by bringing our independent view to the regulator on how the project was progressing. Both sides were concerned that certain controls may be overlooked, or not be established. Internal audit’s position of independence enabled us to provide assurance to both stakeholders and ensure that everyone had the same understanding of what was happening on the ground.</p><h2>Being in Conformance</h2> <p>Getting the basics right enables internal auditors to tackle emerging issues such as robotics and artificial intelligence from a position of strength. Audit functions that follow the <em>Standards</em> will be mature and have excellent connections throughout the business. Without this maturity, the audit function will be unable to respond timely to the rapid technological developments facing organizations. </p><p>According to The IIA’s rolling research project, the Common Body of Knowledge (CBOK), the percentage of CAEs who say that they are in full conformance with the <em>Standards</em> fluctuates. In 2005, 56 percent of CAEs said they were in conformance; this figure dipped to 42 percent in 2010 and then rose to 54 percent in the latest, 2015 survey. However one reads those numbers, they are disappointing, because in any one year only about half of CAEs are achieving what should be the basic professional requirement to operate as an internal auditor. </p><p>I am a qualified accountant in the U.S., and I cannot be a member of the American Institute of CPAs without complying with its rules and regulations. The same holds true of other professionals , such as lawyers and doctors. That is why, if we are calling ourselves a profession, my expectation — and that of many stakeholders — is that all internal auditors should be in conformance with the <em>Standards</em>. </p><table cellspacing="0" width="100%" class="ms-rteTable-4"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;">​<p style="color:#222222;"><strong>The CIA Certification: The Mark of the Profession</strong></p><p style="color:#222222;">The Certified Internal Auditor (CIA) certification is the global designation all internal audit professionals should achieve. It represents our understanding and application of the Standards throughout our work, which helps our stakeholders better recognize the value the profession delivers to organizations. The CIA is the premier, globally recognized certification that enables professional internal auditors to rise above the rest and deliver on stakeholder expectations.</p><p style="color:#222222;">Recently, the CIA exam syllabi and topic areas were revised to bring the exams up to date with the current global practice of internal auditing, to clarify the knowledge and skills CIA candidates must possess, to create greater alignment between the CIA syllabi and The IIA’s <em>Standards</em>, and to refocus Part Three content on core skills.  </p><p style="color:#222222;">The purpose of the exam is to assess individuals who meet the requisite global competencies in current internal audit practice. There are three parts:</p><ul style="color:#222222;"><li>Part One — Essentials of Internal Auditing<br></li><li>Part Two — Practice of Internal Auditing<br></li><li>Part Three — Business Knowledge for Internal Auditing<br></li></ul><p style="color:#222222;"> <br>CIA candidates are expected to:</p><ul style="color:#222222;"><li>Possess current knowledge of The IIA’s Professional Practices Framework and demonstrate appropriate use.<br></li><li>Be able to perform an audit engagement with minimal supervision in conformance with the <em>Standards</em>. <br></li><li>Be able to apply tools and techniques to evaluate risks and controls.<br></li><li>Demonstrate knowledge of organizational governance.<br></li><li>Apply knowledge in business acumen, IT, and management needed for internal auditing. <br></li></ul><p style="color:#222222;"><br>Having the CIA certification conveys to our stakeholders that we mean business — and, importantly, that we have the competencies and skills to deliver on the purpose of internal auditing, to protect and enhance organizational value.​​</p></td></tr></tbody></table><h2>Obtaining External Quality Assurance</h2><p>The CBOK findings seem to indicate that internal audit leaders do not see the value of external quality assurance. In many organizations with small audit functions, stakeholders often are not as demanding, or not knowledgeable, about what internal audit does compared to an audit committee for a listed company where quality assurance reviews of internal audit are expected. However, to be a professional internal auditor, one must be in conformance with all of the <em>Standards</em>, including those on quality assurance, and that is much easier to achieve than people think. In the many quality assurance projects I have experienced, I have never seen a spectacular failure. </p><p>The bottleneck can be the quality assurance process, itself, but it need not be too onerous or expensive. CAEs can attend their local IIA chapters and find a suitable peer with whom to partner so they can reciprocally provide that service. There are plenty of resources that explain how to do this on The IIA’s <a href="https://na.theiia.org/Pages/IIAHome.aspx">website​</a>. My challenge to CAEs is to get an external quality assurance review. I can guarantee they will learn a lot about their function and come away with many tangible benefits. For example, if an audit function finds it has not done enough training, it can use the evidence from the quality assurance review to request funds from the board. The CAE can require everyone who is pursuing a career in internal auditing to sit for the Certified Internal Auditor (CIA) exam. </p><p>Also, a quality assurance review will flush out potential conflicts of interest in terms of independence. And it will help align the organization’s expectations of internal auditing with internationally recognized best practices, so that stakeholders can feel confident calling on internal audit for the right issues at the right time.</p><h2>A Unique Profession</h2><p>There is another reason my theme is “Emphasize the Basics — Elevate the <em>Standards</em>.” Internal auditing as a profession is truly global, and by following the Standards we set the benchmark for how the job should be done. Internal audit is practiced in similar ways regardless of industry, geography, size of organization, and whether it is for-profit or nonprofit. This is not the case in the legal or accounting professions, for example, where local laws and practices vary widely. </p><p>This is one of the reasons why internal auditing is important to me, personally. I am Japanese, but I’ve worked in the U.S., the Middle East, Asia, and Europe. Wherever I go, I can still practice my profession, speak to internal audit colleagues, and learn from what people are doing in various industries and regions. Those conversations have a direct relevance to me because the Standards enable us to speak a common language. </p><p>My first role was as an accountant, which I did not enjoy because I felt it encouraged me to share too narrow a view of the world. When I retrained as an internal auditor, I was amazed. Internal auditing entailed looking at an organization from end to end. CAEs have to see things through the chief executive officer’s or board member’s lens — without having to actually be in that role. That was — and remains — fascinating to me, and there is no other function in the organization that fulfills that role. </p><h2>Advancing the Profession</h2><p>My goal for every reader of this article, and the profession as a whole, is to put the <em>Standards</em> center stage of our efforts. My tenure as chair is a relatively short 14 months. I would love to see conformance with the Standards rise from 54 percent where it is today, to 75 percent during my tenure. That may be too ambitious, but I believe it is possible if we all work together. </p><p>You do not have to be a CAE to help in that process. If you are a junior auditor planning a career in the profession, take the CIA exam and do at least the recommended amount of training. Attend local IIA chapter events, get to know colleagues in different industries, and develop skills. If you are a CAE and have not yet had an external quality assessment — take the plunge. You will not only be doing yourself and your organization a great service, you will be helping to advance the credibility and effectiveness of the global profession. And that is something worth aiming for. </p><table cellspacing="0" width="100%" class="ms-rteTable-4"><tbody><tr class="ms-rteTableEvenRow-4"><td class="ms-rteTableEvenCol-4" style="width:100%;"><p> <strong>​​The Chairman of the Global Board of Directors​</strong> ​</p><p>Naohiro Mouri is executive vice president and chief auditor of American International Group (AIG), a global property-casualty, life <br> and retirement, and general insurance company based in New York.</p><p>In a career spanning more than 20 years, Mouri has held several chief auditor positions. Before joining AIG, he was a statutory executive officer, senior vice president, and chief auditor for MetLife Alico Insurance K.K. Japan. He also led the audit departments at J.P. Morgan Asia Pacific, Shinsei Bank, Morgan Stanley Japan, and Deutsche Bank Japan. He began his career at Arthur Andersen in Atlanta and Tokyo.</p><p>Committed to supporting internal audit professionals, Mouri also has held numerous board and volunteer leadership positions at The IIA, including international secretary (2007–2008), vice chairman–professional development (2008–2009), vice chairman–professional guidance (2015–2016), vice chairman–professional practices (2016–2017), and senior vice chairman of the Global Board (2017–2018). He has been IIA–Japan director since 2003.</p><p>Mouri served from 2001–2006 as the first elected president of the Asian Confederation of Institutes of Int​ernal Auditors (ACIIA). ACIIA recognized him with its “Outstanding Contribution in the Field of Internal Auditing” honor in 2016.</p><p>Mouri advocates for the profession through IIA and other industry forums, and he has lectured at several universities in Japan, including the Meiji University Graduate Program for Professional Accountancy and Senshu University. Mouri co-authored Korega Kinyukikan no Naibukansa da (Internal Audit for Financial Institutions), which is available in Japanese and Mandarin.</p><p>Mouri, a Certified Internal Auditor and Certified Public Accountant, has a bachelor’s degree in accounting from Georgia State University.</p></td></tr></tbody></table><p></p> <style> p.p1 { line-height:12.0px; font:14.0px 'Interstate Light'; } </style>Naohiro Mouri0

  • Gleim_Oct2018_Premium 1
  • IIA CERT CIA_Oct2018_PRemium 2
  • IIA CIALS_Oct2018_Premium 3