Practices

Well-deserved Criticism?
https://iaonline.theiia.org/2019/Pages/Well-deserved-Criticism.aspx
<p>During the last few years, internal auditing has faced significant criticism from both stakeholders and practitioners. Much of it centers around audit effectiveness and the profession’s ability to identify and report risks and failures, as highlighted in research from professional service firms. The IIA’s own 2019 North American Pulse of Internal Audit points to audit communication deficiencies and potential misalignment with corporate boards on risk areas. But does the profession deserve all of this criticism? Is it truly underperforming?</p><p>In my experience, senior management at publicly listed companies mostly views internal audit as a necessary evil — a nonessential service function that is either required by a listing exchange or by corporate boards. Otherwise, there is no general appetite to maintain an internal audit function unless the senior executive team, or the board, recognizes the value internal audit adds in providing assurance and improvement opportunities. Because internal audit is not valued, it is not granted sufficient operating budget, which limits the function’s ability to cover organizational risks.</p><p>Not surprisingly, many surveys of the profession reveal that internal audit struggles to attract and retain talent, is mostly underfunded, and lacks resources, including technology. Gartner’s 2018 Audit State of the Function report projected budgets increasing only slightly in 2019 and flat head count for 2019, consistent with prior years. And among respondents to Deloitte’s 2018 Global Chief Audit Executive survey, more than 40% said their audit functions lacked skills and talent; plus, only 21% used advanced analytics.
How can the profession proactively identify and manage cutting-edge risks in areas such as blockchain, cybersecurity, and fraud when it does not have appropriate capital and technology?</p><p>But limited budgets and resources are not the profession’s only impediments — lack of control over internal audit’s activities and purview, as manifested through our organizational reporting relationships, also presents a problem. At most U.S. publicly listed firms, the chief audit executive reports administratively to the chief financial officer (CFO) and functionally to the audit committee. This configuration risks the CFO providing insufficient budget and other resources and using internal audit to complete projects and tasks not included in the audit plan — activities that might ordinarily fall on other CFO functions — thereby detracting from internal audit’s ability to conduct risk-based audits or complete its plan.</p><p>Given its limited budgets, inadequate technology resources, understaffing, and lack of autonomy, the profession does not deserve much of the harsh criticism it has received. Only when the audit function is truly independent and empowered will it be able to provide effective support to management and the board, sit at the forefront of risk management, and be able to proactively identify and help remedy corporate misconduct and fraud.</p>
Chris Dogas
Editor's Note: Internal Audit's Emerging Stars
https://iaonline.theiia.org/2019/Pages/Editors-Note-Internal-Audits-Emerging-Stars.aspx
<p>This marks the seventh year <em>Internal Auditor</em> has recognized emerging leaders in the internal audit profession. Our <a href="/2019/Pages/Emerging-Leaders-2019.aspx">2019 Emerging Leaders</a> join 100 other young professionals who have been recognized since 2013. </p><p>Past honorees have not rested on their laurels, but instead, as expected, continue to achieve great things. For example:</p><ul><li>At the time they were named Emerging Leaders, 74 had their Certified Internal Auditor (CIA) designation. Today, 89 are CIAs. </li><li>Since being named an Emerging Leader, 71 have new job titles or have moved to new companies.</li><li>Three Emerging Leaders have served on The IIA’s North American Board and Global Board of Directors. Seventeen leaders have served on one or more of The IIA’s committees.</li><li>Emerging Leaders have written 88 blog posts/articles for the magazine, and 46 leaders have been interviewed for Internal Auditor articles.</li></ul><p>Two former Emerging Leaders, Leslie Bordelon (2014) and Alex Rusate (2017), share how their careers have progressed since their recognition in this issue’s <a href="/2019/Pages/From-Emerging-to-Leader.aspx">“Eye on Business.”</a> Rusate, for example, has obtained three new certifications since 2017. Bordelon and Rusate offer up-and-coming internal auditors advice on how to advance in the profession and explain why they stay in internal auditing. Bordelon says she’s excited about the future of the profession. “As companies start to embrace new technologies such as machine learning and robotic process automation, internal audit teams have to really rethink how they approach their work,” she says.</p><p>Technology is a theme throughout the “Emerging Leaders 2019” article.
“In fact, emphasizing analytics seems almost old-fashioned to the 2019 honorees; they assume analytics are key to internal audit and continually expand their skills — often on their own time,” writes author Russell Jackson. This year’s leaders recognize that this expertise can open doors for internal auditors, and they’re eager to be meaningful players in their organization’s success, Jackson says. </p><p>On another note, when you’re Wright, you’re Wright. With this issue, we wish “Risk Watch” contributing editor Charlie Wright a fond farewell and introduce Rick Wright (no relation) as the new contributing editor. A big thank you to Charlie for his time and effort, and for the outstanding contributions he’s made to this department. We are fortunate to have Rick as Charlie’s replacement beginning in December. Rick is the director of internal audit and enterprise risk management for YRC Worldwide. He is also the author of <em>The Internal Auditor’s Guide to Risk Assessment and Internal Auditing: Uncover the Myths, Discover the Value</em>. Welcome, Rick!</p>
Anne Millage
Emerging Leaders: 2019
https://iaonline.theiia.org/2019/Pages/Emerging-Leaders-2019.aspx
<p>Each year's Emerging Leaders talk less about the profession pivoting to a trusted advisor role and more about actually performing that role — and how excited they are to expand internal audit's influence into new areas. Indeed, the 2019 Emerging Leaders' diversity shows partly in the variety of experiences they've had in an advisory capacity and their specific goals for expanding the profession's profile. And as in previous years, the 2019 Emerging Leaders are a diverse, multinational group. Since the first crop of honorees in 2013, 14 countries have been represented; this year's professionals hail from The Republic of Belarus, Canada, the U.S., and Zambia. Just under half since the beginning are women, just over half are men — many of whom have advanced to positions of greater leadership and gone on to volunteer in key IIA governance and advisory positions. </p><p>As a group, this year's Emerging Leaders are enthusiastic about talking up internal auditing — to schools, business groups, and their colleagues — and about supporting the profession through expanded participation in local professional organizations. Technology, as always, is what these high-performing practitioners want to talk about. Automation and data analytics are familiar. In fact, emphasizing analytics seems almost old-fashioned to the 2019 honorees; they assume analytics are key to internal auditing and continually expand their skills — often on their own time.
That expertise opens doors to more internal auditor interaction with organizations' executives, and this year's Emerging Leaders are eager to take advantage of the opportunities they see ahead to be meaningful players in their enterprises' success.</p><h2> <img src="/2019/PublishingImages/Sweeney.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Jordan Sweeney, <strong>CFE</strong><br></h2><p> <strong>28,</strong><strong> Senior Auditor</strong><br><strong>City of Sacramento, Calif.</strong></p><p>Jordan Sweeney conducts “impactful audits,” as one colleague puts it, and she is hailed for following up to ensure recommendations are implemented. From day one, the University of California at Davis graduate was given sole responsibility for auditing the city’s Department of Utilities (DOU). As a result of her consistent follow-up efforts, the DOU has achieved “a realized monetary benefit of more than $15.2 million dollars,” reports Sweeney’s supervisor, Sacramento Assistant City Auditor Lynn Bashaw. “She continues to work with the department to implement recommendations made in her audits,” Bashaw adds, “as well as recommendations made in previous audits.” Sweeney says providing informal audit training to DOU staff members responsible for the recommendation follow-up efforts helps them understand what internal audit is looking for and communicate that to other staff, thereby reducing the number of documentation requests she has to submit. She also manages the city’s whistleblower hotline for reporting fraud, waste, or abuse, and so far has resolved more than 80 cases. Sweeney, who holds a master’s degree in civil engineering, came to the profession after learning about it at home — her husband is a premium auditor for an insurance company. The work seemed challenging yet fun, she explains, and used many of the same data analysis and problem-solving skills an engineering education requires. 
Sweeney adds: “I felt it would be very rewarding to be a part of something with such a big impact on how the government operates.” </p><h2> <img src="/2019/PublishingImages/Cheng.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Cheng Cheng, CIA</h2><p> <strong>28, Consultant, Enterprise Risk Service</strong><br><strong>MNP LLP</strong><br><strong>Toronto</strong></p><p>This is how Cheng Cheng characterizes his profession: "I selected internal auditing because it's challenging, nonroutine, and fun." The University of Toronto graduate started out with a degree in commerce and a master's degree in accounting; early in his career, Cheng worked on finance, assurance, and internal audit-related jobs, ultimately opting for the latter as his main focus. "Every day is a new challenge and learning opportunity," he says. One early challenge was how dependent consulting is on experience and industry knowledge, which he lacked at the time. "I forced myself out of my comfort zone," he says. "I told myself, 'Don't be afraid to ask questions.'" And having tapped his mentor's experience to great effect, he advises those working with professionals who have extensive knowledge in the field to observe how they work. Cheng's own work encompasses internal controls over financial reporting, payroll audits, external quality assessment, and risk-based operational and compliance audits, notes MNP colleague Jim Barbour, who cites another challenge Cheng has overcome. "A recent client required him to reconstruct multiple years' payroll reporting to tax authorities," Barbour says. "He used document capture and data analytics tools to prepare and evaluate the source data for the required deliverables." Cheng points to the value of communication skills as key to explaining deliverables to clients. "No matter how technology evolves," he says, "we will always need to build relationships with people."
Outside internal audit, pick-up basketball games most weekends constitute Cheng's No. 1 hobby. He's also an active volunteer in MNP's Community Activity Project and Education program and serves as treasurer for IIA–Toronto. </p><h2> <img src="/2019/PublishingImages/Fritz.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Blaine Fritz, CIA</h2><p> <strong>29, Governance & Operations Manager/Chief of Staff</strong><br><strong>GSK</strong><br><strong>Research Triangle Park, N.C.</strong></p><p>Blaine Fritz became an internal auditor to understand how companies work from the inside out. He hit the professional jackpot: The Michigan State University graduate has led global audit teams and conducted engagements across multiple risks — commercial practices, anti-bribery and corruption, financial controls and reporting, and supply chain, to name a few. His work has spanned multiple functions, cultures, and geographies, including North and South America, Europe, and Asia. The former audit manager, who’s since moved into Managed Markets and Government Affairs, has also led multiple initiatives to improve the internal audit function at GSK, notes his manager, John Boone, vice president, Contract Management and Operations. “He’s gathering observations on the impact of an audit from a business perspective,” Boone says, “and will feed these observations back into the internal audit function to improve efficiency and effectiveness and minimize business disruption in future audits.” Other projects include leading the Audit Ways of Working Alignment Project, which identified differences in approach between regions and among risk areas, and facilitating training on audit process and third-party oversight. The people part of the equation, Fritz says, is key. “My work provides an opportunity to gain a global perspective and cultural awareness through the people I meet around the world,” he says. 
Fritz focuses on internal audit’s evolving role, noting that use of the audit function as a resource for insights gained through sharing of good practices across the business represents an important change for the profession. “Auditors can share an enterprise view gained from experiences in different risks and parts of the business,” he comments. Outside the office, the soccer player and youth team coach also serves as an Early Talent Mentor for GSK’s Future Leaders Program and as a member of GSK’s Orange Day Volunteer Committee; each year, employees spend Orange Day off-site, volunteering at a charity of their choosing.</p><h2> <img src="/2019/PublishingImages/Donner.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Melissa Morlan Donner, CIA</h2><p> <strong>26, Audit Supervisor</strong><br><strong>Bank of America</strong><br><strong>Chicago</strong></p><p>Melissa Morlan Donner prefers people to face forward in their approach to internal auditing. "If 'well, that's how we did it last year' is the only rationale you have for something," she says, "there's probably a way to improve it." That often involves automation and, especially, being able to understand what it's doing. Already, the University of Florida graduate notes, a key skill for internal auditors is "the ability to understand how automation can be applied." Writing code is a plus for anyone to possess, she says. "But more important is being able to clearly articulate what you think an automated process would look like and have a grasp of what is possible before working with an automation expert to get it done." Donner built her audit skills analyzing and testing controls across various industries as a consultant, while also project managing the day-to-day activities of those engagements, reports current supervisor Janet Jarnagin, an audit director at Bank of America. 
Now Donner is responsible for board and executive management reporting, including presentations summarizing audit results, issue status, and audit department performance to the organization's highest governing bodies, Jarnagin says. Within months of starting at Bank of America, Donner designed a new monthly business review for the chief audit executive (CAE) to oversee department operations and revamped the issue management report for the CEO's management team. Donner says that's a good example of the trusted advisor role internal audit is taking on, and she adds that data visualization is an increasingly important part of it. Reporting a 1% to 2% month-over-month increase via text or a slide may not raise red flags, she explains. But seeing a line chart spanning six months that shows a 10%-plus increase — with a six-month projection if nothing happens — "can really serve as a call to action," she says. Donner is a member of The IIA's Chicago chapter and volunteers at TutorMate, an online program that helps kids improve their reading skills.</p><h2> <img src="/2019/PublishingImages/Munshya.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Kenson Munshya, CIA, CISA</h2><p> <strong>29, Audit Manager</strong><br><strong>Stanbic Bank Zambia</strong><br><strong>Lusaka</strong></p><p>Kenson Munshya first saw internal audit from the outside, and found himself impressed by practitioners' insights and deep understanding of the organizations he was auditing externally. "Over time," the Rusangu University Zambia graduate says, "I started looking at the internal auditors' reports as one of the reference points to gain an understanding of clients." Then he joined them — and started spreading the word about internal auditing. "He has a mission to make a difference in the profession," says colleague Chuma Silutongwe. 
He adds that Munshya was instrumental in helping parent company Standard Bank Group's Africa regions team win the firm's 2018 Group Internal Audit Mark of Excellence Award for enhancing the use of data analytics and audit automation. Plus, he's supported teams from Namibia, Malawi, Botswana, and Mauritius in providing key insight on IT-related engagements, such as cybersecurity and business continuity audits. Munshya says practitioners need to prepare for the future by improving their skills in data analytics, machine learning, and artificial intelligence (AI); he is piloting the automation of the company's audit process using those very skills. Still, he adds, "ultimately, it comes down to one's people skills to manage change and influence decisions." Internal auditing often involves negotiating with management, so a firm grasp of the disruptive technologies combined with people skills is key, Munshya stresses. "I'm amazed at internal audit's ability to influence an organization and be a change agent around strategy and operations, as well as around governance, risk, and internal controls," he says. Outside of internal audit, Munshya enjoys decidedly low-tech pastimes, including chess, jogging, and reading. He also volunteers for outreach programs through his church and is an active member of IIA–Zambia. </p><h2> <img src="/2019/PublishingImages/Cook.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Maddie Cook, CPA</h2><p> <strong>30, Senior Manager, Consulting</strong><br><strong>Crowe LLP</strong><br><strong>Los Angeles</strong></p><p>Maddie Cook is in the enviable position of working in a role that requires her to indulge in one of her favorite pastimes. The job requires travel, and Cook says, "I really enjoy learning about the cultures that are new to me and sampling local cuisine." And her travels provide valuable insights for her global client work, notes Pamela Hrubey, a Crowe managing director and Cook's career coach. 
"She leverages the business experience she has gained from working in Canada and the United States to support a variety of clients with offices around the globe," Hrubey says, "bringing a balanced business perspective along with her deep knowledge of internal controls." The University of Western Ontario graduate is also part of an innovation team considering ways to leverage blockchain technology to create internal audit efficiencies, and she's been researching the potential of robotic process automation and AI. "Clearly we will see, over time, these technologies playing a large role within our profession," she comments. To assess controls around that technology, internal auditors will need a robust understanding of how it functions, the associated risks, and the organization's strategy for integrating the technology into its business processes. "The more knowledge we have, the better we will be able to assist, review, and potentially advise management on implementation in the future," Cook says. She also points to significant opportunity to use these technologies in audit work. Companies are making the move to blockchain and other technologies to advance their businesses, she notes. "Internal auditors will need to adapt our methodologies to maximize the associated benefits of the new tools by developing audit programs that increase organizations' confidence in their use." Outside the profession, Cook has donated her time to the Boys & Girls Club of America, a community food bank, and an organization that builds bikes for kids.</p><h2> <img src="/2019/PublishingImages/Wang.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Jiahui “Bella” Wang, CIA</h2><p> <strong>28, Senior Internal Auditor, Computer Information Analyst</strong><br><strong>Atlas Air Inc.</strong><br><strong>Purchase, N.Y.</strong></p><p>Bella Wang was surprised to learn how much soft skills support the technical aspects of internal auditing. 
"I didn't understand the diversity of attributes a practitioner needs to have to be effective," the St. John's University graduate explains. In particular, Wang says that recognizing the importance of sales skills was a professional "aha!" moment. "We are selling our expertise, ideas, and recommendations almost every day to help add value to our organizations." Wang accomplishes that with a firm foundation of technical knowledge, says her supervisor, Charles Windeknecht, Atlas Air's vice president, Internal Audit. "She consistently exhibits a deep understanding of the risk and control considerations she is assessing," he says, "by asking challenging questions in a relevant and meaningful manner." The questions change, of course, as the technology that powers the profession changes. "Technology and automation will make changes in how, where, and when we perform audits," Wang says. Already, she has designed and built several data analytics programs to support internal audit's objective of executing more effective testing, Windeknecht notes. Wang says her department uses analytics routines during annual fraud assessments to help management isolate higher risk transactions. "Senior management is coming to us with more requests to help them identify process improvement opportunities," she says. Wang is also active with the youth education nonprofit Junior Achievement and often speaks at area college and university events about the benefits of internal auditing.</p><h2> <img src="/2019/PublishingImages/Beeston.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Megan Beeston, CFE</h2><p> <strong>29, PRG Senior Associate</strong><br><strong>Frazier & Deeter LLC</strong><br><strong>Atlanta</strong></p><p>Stephen Brown, CAE at PRGX Global, recalls the time Megan Beeston was working on an IT project for his company as part of a co-sourced team when her supervisor was injured and unavailable for an extended period. 
“Megan stepped up and successfully managed the project with minimal oversight, and exceeded expectations in every way,” Brown says. The Kennesaw State University graduate says the experience provided her tremendous opportunity for learning and growth. “Working in public accounting constantly involves quickly and seamlessly adapting to unexpected situations to avoid delays in projects and deadlines,” she says. She benefitted from having built good relationships with clients — and having the ear of her company’s managers. Early on, she says, she stepped back and realized that internal audit has long used data analytics. But the progress underway now is even more exciting, she adds, as technology increasingly enables internal auditors to expand their capabilities past current roles. “Integrating IT concepts into our strategies will allow us to provide the most value-add to our organizations,” she says. “Any initiative for research or training in technology and how we can apply systems to be more efficient is an important step for us.” Beeston came to the profession when a professor presented it in a compelling way — making her realize she could use people skills to make her role more successful and help people solve problems, which she saw as a perfect fit. Her internship exposed her to a variety of roles and projects, piquing her interest even further. “The ability to wear many hats — as an extension of an organization as its internal audit function, as a service auditor, or consulting through process improvements and security assessments — challenges me technically and as a person,” she says. Outside internal audit, Beeston plays tennis and watches college football. 
She also fundraises for the Leukemia & Lymphoma Society through her company, volunteers on select weekends with the pediatric grief counseling organization Kate’s Club, and co-chairs the mentor–mentee program at her local IIA chapter.</p><h2> <img src="/2019/PublishingImages/Orunkhanov.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Aidar Orunkhanov</h2><p> <strong>29, Solutions Director</strong><br><strong>TAMR</strong><br><strong>Cambridge, Mass.</strong></p><p>Aidar Orunkhanov approaches internal audit from a different perspective. The University of Illinois at Urbana–Champaign graduate started out in data analytics and came across internal auditing by chance. But he noticed that the profession was beginning to implement data-driven methodologies and saw the potential to implement analytics. He’s now back in data analytics, at a start-up that applies machine learning to data unification, but comments that the massive amounts of data produced by new technology will propel internal auditing toward near-real-time functionality and other elements of automation, raising some worries about technology replacing humans. But he says the technology can’t replace humans completely: “I’d call it ‘using new tools’ rather than ‘managing robotic assets.’ Robotic process automation [RPA] is an ideal solution to frequently repeated rule-based processes.” RPA, in fact, should free up time for more creative and exciting work, he says. One example: He led development of an automated dashboard at a former employer that provides auditors with timely changes to risk profiles and data-enabled outliers for testing purposes. He also co-led a hands-on data analytics training program for 200 colleagues. In addition, Orunkhanov lectures at Boston University, teaching a graduate-level course in business analytics. On weekends, he enjoys travel photography. 
“The gear I carry has grown exponentially,” he says, “but an incredible Instagram picture is worth it all.” Orunkhanov also volunteers at a local food bank and helps families file their tax returns.</p><h2> <img src="/2019/PublishingImages/Carnevale.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Marilyn Carnevale, CIA, CPA</h2><p> <strong>30, Senior Auditor</strong><br><strong>Rutgers, The State University of New Jersey</strong><br><strong>Piscataway, N.J.</strong></p><p>After a stint in external audit, Marilyn Carnevale has been happily surprised by how gratifying she’s found her internal audit career — particularly the newness of each assignment. “Internal audit procedures often have to be developed from scratch to meet the unique needs of an organization,” she says. “It’s exceptionally challenging, but completely rewarding when our recommendations come to fruition.” At Rutgers, her alma mater, Carnevale was assigned to assist on “a major, multi-phased project,” reports her supervisor, Marion Candrea, manager, Audit and Advisory Services. “It was part of a highly regulated area that required a rigorous learning curve that she easily overcame,” Candrea says, adding that Carnevale started taking on lead auditor tasks right away. With that responsibility came the opportunity to work with student interns. In fact, she was so effective that she soon earned the title of internship program supervisor. Carnevale remembers people leaving her former public accounting firm for internal audit positions, but adds now: “Honestly, I did not even know if I would be any good at it.” Her ties to the university moved her to pursue the position she’s in. “The fact that I’d never heard of internal auditing until about four years into my career is partially why I believe in advocating for the profession,” she says. That includes educating students about options beyond public accounting.
In her free time, Carnevale volunteers at The IIA’s Central Jersey Chapter, attends Rutgers athletics events, donates her hair to Locks of Love and Pantene Beautiful Lengths — and plays the piano. </p><h2> <img src="/2019/PublishingImages/Ballweg.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Christopher Ballweg, CIA, CISA</h2><p> <strong>28, IT Audit Supervisor</strong><br><strong>American Financial Group Inc.</strong><br><strong>Cincinnati</strong></p><p>No matter how much internal audit technology advances, success in the profession will always rely on people skills, according to Christopher Ballweg. With a primary focus on IT audits, he sees technological advancements as key to driving change — but the University of Kentucky graduate also stresses that “relationship-building, clear communication, and adaptability” are a practitioner’s most important competencies. Indeed, he says, auditors must be able to clearly communicate any questions or observations, regardless of the business partner. Education helps. Ballweg started at American Financial Group right out of college, notes former colleague Brian McNalley, IT audit manager at Macy’s and a 2018 Emerging Leader. Since then, he has received two key professional certifications and an MBA from Mount St. Joseph University. On the job, Ballweg has been a team leader for engagements involving cybersecurity, disaster recovery, business continuity, the Payment Card Industry Data Security Standard, and U.S. Sarbanes-Oxley Act of 2002 compliance. “A key challenge is ensuring that our work is adding value to our various stakeholders,” Ballweg says. Practitioners who want to be seen as trusted advisors, he adds, must know stakeholders’ goals and ensure that engagements are focused on delivering value. That, he says, requires flexibility. “Continuous change is the aspect of the profession I enjoy most,” he says. When he started, cybersecurity audits and the U.S.
National Institute of Standards and Technology Cybersecurity Framework were “still in their infancy,” he says. “Now they’re on the mind of nearly every stakeholder in an organization.” Ballweg has been active in The IIA’s Cincinnati Chapter since 2013, and is a board member of his local American Cancer Society Young Professionals group.</p><h2> <img src="/2019/PublishingImages/Delores.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Christiane Dolores</h2><p> <strong>29, Internal Audit Manager</strong><br><strong>Caesars Entertainment Corp.</strong><br><strong>Las Vegas</strong></p><p>Today's students at the University of Nevada Las Vegas have access to a career insight that Christiane Dolores didn't. The alumna makes a point to attend events on campus to meet students and engage them in the internal audit community, she says, because most of her time as a student was spent learning about external auditing. She's become deeply involved in the profession, having served on the IIA–Las Vegas board as secretary, vice president of Programs, and now vice president, notes her supervisor, Victor Echenique, Caesars' internal audit director. Dolores led an awareness initiative about the services internal audit provides and created a brochure for Internal Audit Awareness Month that was distributed to 145 colleagues throughout the Caesars organization. She excels at her job, Echenique says, winning the "Audit Ninja" title as internal audit's Employee of the Quarter and Employee of the Year six times in a department of more than 80 practitioners. She manages planning and execution of compliance, financial, and operational audits of business operations at casino properties in multiple states, and she's a leader in the department's philanthropy efforts. Dolores didn't set out to be an internal auditor, starting her career in Accounts Receivable and moving around the enterprise to learn several different accounting functions in the organization's nongaming enterprises. 
"I had no intention of working for internal audit," she says. Then, conversations with a colleague helped change her mind. Now she calls it "probably the best decision I've made for myself." </p><h2> <img src="/2019/PublishingImages/Katsiaryna.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Katsiaryna Pranovich</h2><p> <strong>29, Chief Auditor </strong> <br> <strong>JSC MTBank</strong><br><strong>Minsk, Republic of Belarus</strong></p><p>Katsiaryna Pranovich has learned the value of listening. Early on, she found communicating with internal clients to be “the most laborious, difficult aspect of the job.” But then she learned to listen more attentively to her colleagues, she says, to focus better on what they need from her. “That, plus gaining experience and exercising patience allowed me to adjust my style of communication,” she explains. Pranovich sharpens her people and public speaking skills with stand-up performances of her own comedy material in local clubs and cafes. One of her favorite parts of the job, the Belarusian State Technical University graduate emphasizes, is helping colleagues deal with difficult situations. Another is the opportunity to “engage in different areas of the organization’s activities.” Pranovich extends her internal audit interactions outside the enterprise as well, notes Pavel Varyvonchyk, CAE at JSC MTBank. “She constantly expands her professional skills by attending seminars and conferences,” he says, “which allows her to maintain professional relations with internal auditors at similar companies here and in neighboring countries.” Indeed, Varyvonchyk adds, Pranovich is a two-time winner of the firm’s Best Employee Award. One reason is her involvement in a project examining data mining for automated internal auditing, which aims for continuous monitoring of key departmental indicators of possible process violations. 
Another project Pranovich heads up is creating automated workpapers and options for management decision-making following audits. Pranovich is, in fact, lauded for her methodologically accurate documents. “The devil is in the details,” she says, “especially with the increasing speed of work and changes in business processes.”</p><h2> <img src="/2019/PublishingImages/Spittler.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;" />Steve Spittler, CPA, CISA</h2><p> <strong>28, Senior IT Internal Auditor</strong><br><strong>LPL Financial</strong><br><strong>Fort Mill, S.C.</strong></p><p>Steve Spittler is a technology enthusiast with strong people skills — two important assets for an internal auditor specializing in IT engagements. “As companies move to the cloud and increase use of third-party vendors,” says the Bentley University graduate, “even practitioners who mainly perform business or compliance audits need to understand the implications cybersecurity could have on their engagements.” Nearly every audit his team performs has cybersecurity considerations, he notes. A recent challenge involved leading both the Vendor SOC1 testing program and the cybersecurity audit for the enterprise, reports co-worker and unofficial mentee Anja Erlandson, senior analyst, risk management, at LPL. “He not only completed the tasks,” she says, “he assisted the business in creating new internal controls, making recommendations consistent with industry best practices.” He also has added visual analytics to audit reports, analyzed large data sets to identify discrepancies, and tested the effectiveness of department policies and procedures. The first few years of Spittler’s career were spent as a public accountant conducting external financial audits; he says the move to his current post represented an opportunity to grow his skills. His social network also has expanded. 
Spittler says: “What I love about my job is the level of collaboration and the people.” Most of his engagements are integrated, with the business audit and IT audit teams working together, he notes, citing the value of building relationships with clients. Practitioners often can see firsthand the improvements made because of their recommendations, he adds. Off the clock, Spittler volunteers at the Humane Society, the Metrolina Food Bank, and the Boys & Girls Club of America.</p><h2> <img src="/2019/PublishingImages/Murray.jpg" class="ms-rtePosition-1" alt="" style="margin:5px;" />Sarah Murray, CIA</h2><p> <strong>27, Senior Auditor</strong><br><strong>Savannah River Nuclear Solutions</strong><br><strong>Aiken, S.C.<br></strong></p><p> <strong></strong>For Sarah Murray, early career inspiration came from an audit class project that involved creating flowcharts and identifying control deficiencies. "It was totally different than anything I had done in my accounting studies thus far," she says. The Augusta University graduate enjoyed it enough to apply for an internal audit internship and ended up "falling in love with the work and the variety of people that you get to meet." One part of the job she's especially fond of is working with data. "It always has a story to tell you," she notes. Former Augusta University accounting lecturer and current colleague Steve Loflin, principal internal auditor at Savannah River Nuclear Solutions, says Murray's skills in analytical and substantive testing are exceptionally advanced. "As much as she impressed me as a student," he comments, "I've been even more impressed by her abilities as an internal auditor." Loflin adds that Murray is known for her timely and effective auditing and her ability to build relationships. Murray does have an agenda: She's out to end the "gotcha" and "take no prisoners" stereotypes of internal auditors. 
She makes a point to find ways to minimize nervous tension during engagements by checking clients' work spaces for clues to a favorite football team or new grandchildren. "I get them talking about those things to loosen them up," she notes, "and see audit as a function that is truly there to help." Murray also volunteers with local youth ministries, and with the River of Life, which provides exterior home repairs and improvements to local community members. In addition, she's active in, and a former officer of, The IIA's Central Savannah River Area Chapter. </p><p><br></p><p><img src="/2019/PublishingImages/EmergingLeaders_oct%2719_judges.jpg" alt="" style="margin:5px;" /><br></p>
Russell A. Jackson
Auditing With Grit
https://iaonline.theiia.org/2019/Pages/Auditing-With-Grit.aspx
<p>What seems like an eternity ago, I received a book in the mail titled <em>Grit: The Power of Passion and Perseverance</em>, by Angela Duckworth. It was sent to me by my mentor and friend with a note that said, "You are gritty, and gritty is good." I wasn't sure at first what he meant, but after reading the book I was inclined to agree that grit is a quality I possess.</p><p>According to Duckworth, "[If you have] a deep and abiding interest, a ready appetite for constant challenge, an evolved sense of purpose, and a buoyant confidence in your ability to keep going that no adversity could sink," you probably rate high on the grit scale. I like to think this describes me. It may also describe many internal auditors, as these qualities are often necessary to perform our jobs effectively. </p><h2>Personal and Professional Grit  </h2><p>My capacity for grit was tested a few years ago when I faced a challenge in my personal life. In 2015, I tested positive for the BRCA1 breast cancer gene mutation. After discussions with close family and friends, I underwent multiple preventive surgeries, including a double mastectomy in 2016. While some might consider this measure extreme, an 86% chance of developing breast cancer in my lifetime was not something I was willing to accept. Now my risk has been reduced to 10% per general statistics, and 2–5% per my doctors — odds I'm much more comfortable with. </p><p>I also discovered the value of grit in my professional life. Early in my career, I took an internal audit position at a large financial services company. I then left the job a few years later for a traditional accounting position, only to return soon afterward to internal auditing upon realizing that's where my true passion lies. 
I progressed quickly to the role of internal audit director and woke up every day for the next eight years with the same enthusiasm I had at the beginning of my career — and the perseverance to make a difference in the audit profession.   </p><p>Staying true to my friend and mentor's observation, I recently mustered internal grit once again by resolving to start my own business. Now my work involves practicing, teaching, and training others about internal auditing, including the concept of <em>grit</em> and how it applies exceptionally well to the profession.</p><h2>Grit in Practice</h2><p>Duckworth describes those with grit as high achievers who possess qualities such as diligence, persistence, determination, focus, and the ability to overcome obstacles. She also explains in her book that talent, aptitude, skill, and education are not enough. </p><p>Grit, as it relates to internal auditing, starts with a passion and desire to make a difference in the organization. It means looking forward to the next engagement or challenge. It means having the courage to point out what others may not want to see. </p><p>Great auditors have to combine an understanding of operations, financial processes, and technology with the curiosity to find risky or unusual items. They also must possess the ability to establish relationships and build trust with management. And, of course, auditors must do all this while not always being greeted with open arms by their clients.</p><p>How do great auditors accomplish great things? They do it with grit. They audit with passion, working toward longer term, strategic goals that are of value to the organization, with the necessary resolve and follow-through to reach those goals. They do it with perseverance, working with the courage and determination to pursue an engagement or finding, despite obstacles, until their job is complete.</p><h2>Are You Gritty?</h2><p>How do practitioners determine whether they have the qualities to be a gritty auditor? 
First, they should make sure they are in the right place or in the right profession by answering a few questions:</p><ul><li>Are you passionate about your organization, clients, and engagements? </li><li>Do you look forward to delivering relevant, value-added findings to management?  </li><li><p>Do you believe in the larger purpose of auditing and its impact on your organization or clients?</p></li></ul><p>If the answer to each of these questions is "yes," internal auditors should then make sure they tackle their work every day with an eye toward five key factors: </p><ol><li><strong>Achievement.</strong> Believe respect is earned and reward and recognition come after achievement.  Add value through the systematic identification and mitigation of risk and implementation of solutions that result in significant improvements.</li><li><strong>Focus.</strong> Gain the necessary knowledge for each engagement. Risk assess engagements using appropriate knowledge and input. Focus on meeting value-added objectives. Set timetables and manage engagements to timely completion.</li><li><strong>Time/Resources.</strong> Allocate time to the high-impact goals, risks, and improvement opportunities within engagements. Apply the latest tools and technology while controlling audit costs; do more with less.</li><li><strong>Effort.</strong> Create a culture of commitment. Be committed to every engagement and to supporting the success of the organization. Work hard and smart. Continuously improve yourself and your techniques.</li><li><strong>Reputation.</strong> Build a reputation for providing a valuable service and fulfilling promises. Be known for your resolve and agility to overcome obstacles and ensure success. 
Remain adept and nimble as you audit in an ever-changing world, within evolving organizations, leadership, strategies, technologies, and risks.</li></ol><p>Practitioners who perform their work with these factors top of mind can safely say they audit with grit.</p><h2>The Power of Grit</h2><p>To quote Duckworth, "Our potential is one thing, what we do with it is quite another." Internal auditors have a tremendous platform to improve effectiveness within an organization, a platform that is sometimes underutilized. It's time to show grit as auditors and spend each day working to our full potential. <br></p>
Amanda "Jo" Erven
A Blended Approach
https://iaonline.theiia.org/2019/Pages/A-Blended-Approach.aspx
<p>Traditional audits are often awash in wasted time, unnecessary conflict, and incorrect assumptions. Active auditing is a form of Agile auditing that was developed in a major utility company to eliminate, or at least substantially decrease, these kinds of wasteful activities. The term active auditing was, in fact, coined because it is the antonym of passivity and waiting.</p><p>Lean — often synonymous with the Toyota Production System — is a change-making methodology. Agile is an IT project management approach. Active auditing borrows concepts from both disciplines to create a more efficient way to run audits. The catalog of material describing both Lean and Agile principles is vast, so active auditing borrows only what is needed to create an audit system that can work better than a traditional one. The system can best be explained by breaking it down into three pillars.</p><h2>Pillar One: Energetic Collaboration<br></h2><p>Lean and Agile both preach that there can be only one team, and that team members must work together throughout the project. However, the reality is often two teams — the audit client and auditors — facing each other across a battlefield even while proclaiming their intent to work collaboratively. Active auditing recognizes that both teams work for the board, and the board has the right to expect both to behave as a single, combined team. </p><p> <img src="/2019/PublishingImages/Coleman-combining-lean-agile-techniques.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:450px;height:331px;" />Collaborating energetically is a choice to which both auditors and audit clients must commit. Without deliberate and overt commitment, both groups tend to fall back into bad habits. Once committed, the two develop shared ground rules — defining what’s nonnegotiable for each of them and how they want to work together. 
Personal connection is critical for collaboration, so information should be shared early, often, and in person, as much as possible.</p><p>Beyond the practical steps, auditors must lead in making themselves open and vulnerable. This can be a scary step, as auditors typically are so accustomed to maintaining professional distance that laying their cards on the table may not come naturally. Auditors must be the first to extend an authentic, though likely uncomfortable, hand to the audit clients to collaborate. And they must mean it — in everything they say and do.</p><p>When teams energetically collaborate, better information is offered, rather than extracted; far less time is wasted; there are fewer misunderstandings; clients grow to believe the auditors understand them; there is less conflict, which is good for clients and auditor; and the audit can be fun.</p><h2>Pillar Two: Iterative Audit Execution<br></h2><p>Agile as a software development methodology was created to counter traditional sequential Waterfall techniques. Waterfall is how most construction projects are managed — by planning, designing, building, and implementing. It relies on high-quality requirements-gathering at the beginning of a project and an acceptance that changes midstream are unwelcome. In contrast, Agile embraces flexibility and change. To manage this flexibility, Agile breaks the work down into iterations, or sprints. An iteration is a mini-software project, with a specified beginning and end, that is structured to produce working and sellable software at its completion. If a typical large software project takes two years, an Agile project will produce perhaps 12 instances of sellable code over that time, whereas a Waterfall project will produce one. 
</p><p>The overall risk of the project is reduced because the Agile project tests the market frequently, while the Waterfall project hopes its grand unveiling two years from now is still what the market wants.</p><p>Active auditing borrows from the concept of iterations — breaking down the audit program into mini-audits. The typical steps of an audit — from risk assessment to workpaper approval — still occur, but in smaller chunks. And they are completed before moving to the next iteration. </p><p>Active auditing starts by building an overall audit program, which is the best initial guess at the right control objectives and fieldwork steps. Then, using engagement planning sessions, the work is assigned to time-boxed iterations. Time-boxing establishes start and end dates that auditors and clients commit to work within. It’s best to keep an iteration to between two and four weeks, but that choice depends on the fieldwork. After each iteration, the single, combined team pauses to reevaluate and ask: </p><ul><li>Based on what’s been learned, what needs to change? <br></li><li>Is the risk assessment still valid? <br></li><li>Are all the fieldwork steps required to assess the control objective? <br></li><li>Are the right people involved? <br></li><li>Where are the bottlenecks? <br></li></ul><p>Both Lean and Agile teach internal auditors to welcome change to their audit program as they learn more and reassess risk. They can’t assume initial planning was perfect, so they should embrace an evolving audit. In return, when audits are executed as smaller mini-audits, they become easier to manage because work is done in digestible bites, countermeasures to address problems can be applied in the next iteration, and the audit can be stopped after an iteration and still have useful results.<br></p><h2>Pillar Three: Visual Management <br></h2><p>A central principle of Lean is to make waste visible. 
When waste is visible, the people involved can work together to eliminate it. Frequently, “waste” appears in audit work in the form of waiting, unnecessary motion, rework, and overproduction. Active auditing uses visual management techniques borrowed from Lean to allow the combined team to fully understand the audit’s progress and each member of the combined team’s part in it. </p><p>The greatest waste in auditing involves waiting. Waiting for data to be provided, emails to be returned, interviews to be scheduled, and so on. Internal auditors compensate by shifting their focus to other things, but that means rework as they have to reeducate themselves on the subject when they return to that work. Making lost time visible using visual management tools drives wait time down. </p><p>As often as every day for 15-30 minutes, auditors and clients should hold a standup meeting around a visual control board (VCB). The VCB consists of panels that show progress on the audit program, assigned tasks, a “dog house” for tasks that aren’t getting done, a shared master calendar, and a “hearts & minds” board to capture shared expectations and concerns. Because Lean is inherently a change-making methodology, it provides techniques for helping build mutual purpose, and daily standup meetings with the audit clients in front of the VCB are an important example. VCBs can be as large as an entire purpose-built wall or as small as an 11x17 piece of paper taped to a conference room whiteboard. Visual management can ensure: </p><ul><li>Every member of the single, combined audit–client team is constantly updated on status. <br></li><li>Problems are visible long before they manifest; waiting actions — such as data or report requests — are visible to the entire team, and therefore can be expedited. <br></li><li>The human aspects of an audit (anxiety, mistrust, etc.) 
are addressed openly and treated as legitimate risks to the project.<br></li></ul> <h2>Celebrate the Audit <br></h2><p>Active auditing borrows two additional important concepts from Agile. The first is retrospectives. In an Agile software project, after each sprint, the team gets together to examine what went well and what should change. This is a critical aspect of improvement and it should occur at the end of every audit, and often at the end of any sizeable iteration. Ceremonies and celebrations are the second concept borrowed from Agile for the conclusion of the audit. The team members come together to celebrate, perhaps with food, and take a moment to reflect on the work they did together. </p><h2>Audit Without Limits <br></h2><p>It can be difficult to implement all three pillars at once. The best first step is to start holding frequent, but brief, standup meetings with audit clients and auditors. It will quickly become clear that the standups are more effective with some form of visual management tool. The VCB should be developed early and expanded and refined over time. As standups progress, it should become easier to collaborate more effectively by developing ground rules and acknowledging the human side of the auditor–client relationship.   </p><p>In the end, the three pillars of active auditing work in concert. Energetic collaboration allows visual management to function smoothly to manage the audit work. Tight monitoring of progress through visual management allows the audit to execute iteratively. Timely and frequently completed audit work is the outcome of internal auditors and the audit clients working as a single team. The specific techniques used are likely to vary among companies and even across audits, but the core concepts contained in each pillar are universal and can be implemented anywhere. <br></p>
Prescott Coleman
The Citizen Internal Auditor
https://iaonline.theiia.org/2019/Pages/The-Citizen-Internal-Auditor.aspx
<p>Internal auditors working in the public sector experience unique challenges. In many countries, they face a revolving door of elected officials looking toward the next election, appointees glancing over their shoulders to ensure the security of their appointments, and the heightened bureaucracy and red tape inherent with any governmental entity. </p><p>But perhaps the most daunting part of the job is that many government audit functions are required to make their final reports publicly accessible. The rest of us can only imagine the challenge of issuing a final report with the entire world watching. </p><p>Still, good things can come from potentially negative situations. One government audit function, for example, leveraged the reporting requirement by establishing its own website and using it to showcase the results of its work. The site showed internal audit’s positive contributions, providing constituents with concrete evidence of how tax dollars spent on auditing helped everyone. Imagine the opportunity to speak directly to stakeholders, explicitly showing the value auditing provides. </p><p>Practitioners may want to consider another upside to the public nature of this process — depending on where you reside, audit reports related to the various communities, municipalities, and governments associated with your area may be available for your perusal. At any time, you can go to the internet and find what is happening in your city, county, state, or other governmental entity. </p><p>Where civic participation is an option, internal auditors have two duties to uphold as citizens. The first mirrors that of any citizen — to become engaged in local government and the activities of public officials. 
But internal auditors also have something most other citizens lack — the professional knowledge and experience required to understand public sector audit work. We are uniquely equipped to understand how local government uses the audit function, as well as the broader impacts on governance, risk, and assurance. </p><p>The challenge is to take the time to explore various local government websites and find those audit reports. Auditors can then determine if it looks like the audit function is examining the important areas, if their findings are important, and whether those responsible are addressing the findings. They can also determine if elected officials are taking the reports, results, and issues seriously. </p><p>If government entities fall short, internal auditors should step forward — as both citizens and professional internal auditors — and make their voices heard. Write letters and emails, speak up at open meetings, request a private meeting, and make elected officials understand the importance of internal auditing. If your voice is ignored, reach out to fellow professionals to help elected officials understand who they work for. Because when they work for internal audit professionals, those officials have an increased duty to ensure a strong governance structure — and a strong audit function — is helping everyone succeed. <br></p>
Mike Jacka
Auditing Conduct
https://iaonline.theiia.org/2019/Pages/Auditing-Conduct.aspx
<p>Outrageous behavior by employees within the global financial services industry has put boards and regulators on high alert regarding whether their companies are acting in the best interest of their customers. Recent scandals include Wells Fargo’s cross-selling program, where employees were pressured to open new bank accounts and issue credit cards for customers without their knowledge. At Australia’s Commonwealth Bank, some financial advisors charged clients service fees even when there was not any record of services being provided. The fallout from these and other scandals has included massive dismissal of staff, millions of dollars in fines, loss of customer confidence, and reputational damages. </p><p>Successful financial services companies view their customers as the heart of their business. These companies are focused on the continuous delivery of quality products and services that produce a fair and suitable outcome for their customers. Regulators and corporate boards expect companies to measure and demonstrate appropriate conduct toward their customers. Inappropriate, unethical, or unlawful behavior by the organization’s management or employees that leads to poor customer outcomes is not acceptable. </p><p>Today, conduct issues pose a great risk to a company’s success and sustainability. In addition to regulatory fines, companies that do not mitigate conduct issues may face a quick trial by “word of mouth” in social media that could result in reputational damage and loss of trust. It may be nearly impossible for an organization to manage the crisis and respond in a timely manner to correct the misconduct once the story gains traction on social media. That’s why internal audit departments should play a significant role in assessing whether their organization’s conduct risk framework is fit for purpose and identifies potential blind spots that management needs to address. 
<br></p><h2>Conduct Challenges</h2><table cellspacing="0" width="100%" class="ms-rteTable-default"><tbody><tr><td class="ms-rteTable-default" style="width:100%;"><p>​<strong>Conduct Audit Tips</strong><br></p><p>Effective mitigation of conduct risk looks beyond mere compliance with laws and regulations while putting the customer’s interests first. Auditors charged with assessing conduct risk within an organization should:</p><ul><li>Avoid a “check-the-box” approach.<br></li><li>Be customer-outcome focused by looking at behaviors from the customer’s perspective. For example, in looking at a product offering, auditors should ask whether the company did right by the customer.<br></li><li>Go beyond regulation to call out detrimental conduct risk that is embedded in the organization’s strategy, values, and culture. <br></li><li>Don’t just focus on “hard” controls. Auditors should look at soft controls that can give them a feel for how business is conducted outside the formal audit program. For example, does the culture encourage employees to meet aggressive or unrealistic sales targets?<br></li><li>Seek specialist knowledge from external experts if the organization lacks such expertise in-house.<br></li><li>Emphasize reporting and data analytics to identify potential conduct blind spots.<br></li></ul></td></tr></tbody></table><p>The main challenge for internal auditors is that each organization’s conduct risk profile is unique and there is no “one size fits all” prescribed framework for assessing behaviors toward customers. As a result, there is no standardized approach to auditing conduct risk. As large financial services organizations operate in multiple jurisdictions, with different legal and regulatory environments, the ability to design an audit program that can depict a timely and holistic view of conduct becomes complex. </p><p>Another challenge in assessing conduct risk is that public sentiment and societal norms are constantly evolving. 
What was considered acceptable behavior in the past may be viewed differently today. For example, in the past it was considered acceptable to smoke in the workplace, but today smoking in offices is viewed as unacceptable and is illegal in many places. </p><p>Similarly, in the financial services industry, the adoption of technology and democratization of information have dramatically changed what are considered acceptable fees to charge for mutual funds. Average mutual fund fees or expense ratios have declined substantially over the past 20 years from in excess of 1% in 1996 to a fraction of a percent in 2019. Auditors need to understand not only their organization’s operations intimately, but also the regulatory and societal expectations.</p><p>To evaluate whether an organization is acting with integrity in dealing with its customers, internal audit should assess whether the business designs and sells products and services in the best interest of the customer. As culture and conduct risks are interconnected, auditors should consider multiple factors that drive conduct and behaviors, including:</p><ul><li>Corporate governance.<br></li><li>Remuneration.<br></li><li>Incentive schemes.<br></li><li>Product development.<br></li><li>Sales practices.<br></li><li>Fees and charges.<br></li><li>Customer service.<br></li><li>Complaints handling.<br></li><li>Training.<br></li></ul><p>In general, a strong customer-focused culture leads to fewer conduct failings and helps to mitigate conduct risk. Internal auditors should leverage any previous audit work covering corporate governance, culture, and ethics in their conduct assessment. They should align their audit approach to the scale, business model, complexity, geographical reach, and regulatory environments in which the organization operates. 
Auditors should provide assurance on the design and effectiveness of controls over conduct risks and determine whether the controls in place are adequate and effective to mitigate the risk of poor customer outcomes.</p><h2>Audit Options</h2><p>In developing a structured approach to systematically assess conduct risk, auditors need to determine whether a top-down, bottom-up, end-to-end, or integrated audit is best suited for their organization. Regardless of what approach auditors select, the organization’s conduct risk framework is key. This framework should be anchored around the organization’s business strategy, risk appetite, culture, and values.</p><p><strong>Top-down </strong>The top-down audit approach starts by assessing the adequacy of an organization’s conduct risk framework and how the framework translates into policies. Then it drills down into how existing processes and controls over governance, risk appetite, culture, and behavior mitigate conduct risks. <br></p><p><strong>Bottom-up</strong> In the bottom-up audit approach, auditors assess the processes and controls within a business unit to determine whether conduct risk is mitigated. Auditors then can aggregate the conduct risk results of each audit into a thematic paper for effective communication to the board and senior management. <br></p><p><strong>End-to-End</strong> This audit approach evaluates the customer interaction value chain in its entirety. 
The customer interaction value chain comprises:<br></p><ul><li>Product design.<br></li><li>Pricing.<br></li><li>Distribution.<br></li><li>Sales practices.<br></li><li>Claims handling.<br></li><li>Complaints.<br></li></ul><p>While comprehensive, drawbacks to this approach are the manpower necessary to complete the audit and potential untimely communication of any findings.</p><p><strong><img src="/2019/PublishingImages/Land-integrated-audit-example.jpg" class="ms-rtePosition-2" alt="" style="margin:5px;width:400px;height:206px;" />Integrated</strong> In the integrated audit approach, internal auditors consider aspects of conduct risk in every audit of a business unit (see “Integrated Audit Example,” at right). Such audits can range from an evaluation of sales practices during an underwriting audit to looking at incentive schemes and training programs during a regulatory compliance audit. Auditors would report any conduct risk findings as an issue in each applicable audit.<br></p><h2>Conduct Blind Spots</h2><p>Internal audit’s holistic view of an organization positions the department to identify potential conduct risk blind spots by assessing the organization’s underlying culture and conduct toward customers. Moreover, in their advisory role, auditors can highlight specific departments and individuals as role models whenever they find exemplary behavior and best practices in conduct risk mitigation. These actions can help ensure the organization’s conduct stays on the straight and narrow.  <br></p>Anders Land1
Expand Your Role in Internal Audithttps://iaonline.theiia.org/2019/Pages/Expand-Your-Role-in-Internal-Audit.aspxExpand Your Role in Internal Audit<p>How does a new internal auditor whose primary focus could be standard audits, such as auditing expense reports or U.S. Sarbanes-Oxley Act of 2002 testing, get the opportunity to work toward auditing nontraditional risks that are strategically significant to the company? Internal audit departments cannot audit what matters if they keep new auditors on an island regarding internal and external information and changes facing their companies. By capitalizing on information and best practices, internal auditors can expand their roles both within the department and the organization. This is especially beneficial with the changing demands of stakeholders, senior management, and regulators. </p><h2>Internal Information</h2><p>Through a blend of formal and informal channels, internal auditors can keep their fingers on the pulse of the company and identify opportunities to add value. There are many formal conduits of information that can yield useful information about potential audit opportunities. Having internal audit participate in financial close calls and quarterly business reviews is a great way to identify the company's pain points and potential solutions. </p><p>For example, suppose while sitting in on a call, management notes that due to recent turnover and capacity issues, accounting was unable to identify the root cause of an issue related to absorption accounting at one of the production plants. The chief audit executive (CAE) volunteers one of his or her auditors to assist at an advisory level to do a root cause analysis and help develop an operational process narrative to help new employees understand the process. The auditor identifies issues that were causing absorption to be underreported at the plant, which, in turn, increased expenses. 
By remedying these issues, the plant is able to accurately present its financials and drive higher profitability. </p><h2>Informal Communication </h2><p>Internal auditors can get exposure to critical information through the simplest means. Developing professional relationships with different departments opens the door to many audit opportunities. It could be as easy as informally discussing issues facing their department that could expose process flaws or opportunities for improvement. This can be done by encouraging the audit team to sit with different departments in the company cafeteria instead of isolating themselves by sitting with other auditors. </p><p>Informally engaging with other departments also may turn up issues that aren't discussed in formal meetings. For example, suppose an auditor invites her company's operations manager to lunch. While trading pleasantries, the manager mentions that an employee quit his job a week before and left his badge and corporate credit card on his desk. No one has come to retrieve them and the items have been sitting out in the open ever since. The auditor is concerned, so she tests the badge at the entrance and it still unlocks the door. With her CAE's approval, the auditor reviews the exit process and discovers that 80% of employees who left or were fired that year still had access to the building, and that there was no formal offboarding process to ensure that badges were collected. The issue is then quickly remedied, but it may have persisted if the auditor had not decided to lunch with the operations manager. </p><h2>External Information</h2><p>Subscribing to industry publications and tracking standards and regulatory updates can help internal auditors gain a better understanding of the company, itself, and the industry their company is in. Greater knowledge of these areas improves an auditor's capability to identify risks. 
</p><p><strong>Industry Publications</strong> Knowing how the industry is operating and trending can help identify risks, drive efficiencies, and create competitive advantages. Internal auditors can subscribe to industry publications or create Google alerts for their companies and competitors to easily stay informed about industry news and make educated assessments of risk.</p><p><strong>Standards Updates</strong> Staying current on relevant standards updates before their adoption dates allows internal auditors to identify issues their company might face and help address them proactively. When a new standard is adopted, instead of waiting for the evaluation and adoption to be completed by management, internal auditors can study the topic and develop the required competencies. Then they can discuss with their CAE their interest in joining the implementation team as an advisor. </p><p>At this level, auditors can be proactive in providing insight into the adoption controls that should be in place throughout the project and the process-level controls that should be embedded into the procedures during implementation. Major public accounting firms often release resources such as industry-specific interpretations and practical applications of standards updates for free.</p><p><strong>Regulatory Updates</strong> It is important to keep track of regulatory changes for smaller companies that don't have the resources to proactively disseminate regulatory information to their employees. For example, if an employee was not aware of a regulation such as the U.S. Telephone Consumer Protection Act (TCPA), which prohibits solicitation to phone numbers that are listed on do-not-call lists and the company uses robocalling for commercial solicitation, they could be exposing the company to risk. 
Or, if the company relied on data obtained by a third party that supposedly was already scrubbed against all numbers on state and national do-not-call registries, then making calls from that list could open the company up to class-action lawsuits if those numbers were opted in to a do-not-call registry. Since the TCPA is a strict liability statute that awards $500 per violation and up to $1,500 per willful violation, a class-action lawsuit with thousands of violations could have a material impact on the company. </p><p>Internal auditors can be a great resource by identifying regulatory risks such as these based on their knowledge of processes and staying current on regulatory laws and updates. This is a great example of how an auditor can step outside of his or her comfort zone to audit what matters to management. One caution when stepping out of comfort zones is to remember IIA Standard 1210: Proficiency. If an auditor does not have the competency to conduct the audit or review, he or she should not begin it. </p><h2>Grow Your Career</h2><p>Through leveraging internal and external information and capitalizing on change, internal auditors can position themselves to expand their roles and develop skills that will help them advance their careers. This includes staying informed and keeping their eyes open, continuing professional development, staying involved, inviting themselves to formal and informal corporate meetings, and ensuring they are prepared to deliver on engagements. <br></p>Alex Rusate1
Audit in Tunehttps://iaonline.theiia.org/2019/Pages/Audit-in-Tune.aspxAudit in Tune<p>Metaphorically speaking, the music internal auditors make — the key ways we perform in our roles and the insight we bring to each engagement — must be our own special song. Each organization is different — each board of directors, C-suite, chief audit executive, and internal audit professional — and so is every geography, market, and strategic plan. In each instance, we have a unique opportunity to demonstrate our strategic knowledge of the organization and our understanding of the various business environments we occupy.</p><p>We maximize that opportunity, and demonstrate the value of internal audit to the organization, when each person's contribution joins all the others' to create something that wasn't there before — not just a report, or an update, or an analysis, but information and knowledge, insight and foresight. Musically speaking, notes and beats combine to form a melody, the memorable part of a song that stays in our heads because it's catchy, or moving, or somehow more engaging than usual. Our internal audit melody consists of the advice, data, and background details we provide that contribute to the organization's success.</p><p>Of course, melody without harmony can seem detached and less relevant — and melody without rhythm can ramble without direction or emphasis. Music is most memorable when all the elements are in sync. Our input as internal auditors is much the same. 
When we <em>Audit in Tune</em>, my theme as the 2019–2020 chair of The IIA's Global Board, we combine our growing influence and our ongoing grasp of the fundamentals of the profession.</p><h2>Fine-Tuning Internal Audit </h2><p>Successful audit professionals continuously fine-tune their audit approach and philosophy to adjust to rapidly changing conditions and to account for the evolving expectations of their stakeholders, whether we are auditing a business; a nonprofit organization; a university or school system; or a local, county, regional, state, or federal government entity. </p><p>As our influence and authority within our organizations continues to grow, we serve our stakeholders best, and keep earning our seat at the table, by building collaborative relationships with management and all other departments, including finance, IT, human resources, and legal, that help facilitate review and mitigation of key risks. I cannot overemphasize the specific merits of strong relationships with the organization's compliance function, if it's separate from internal audit. There's mutual benefit in working together to identify risk management opportunities that may not be evident to either function alone.</p><p>Indeed, our value proposition as internal auditors is built on maintaining a voice — and ongoing strong rapport and visibility — with the audit committee and senior management, and reinforcing the professional and standards-driven orientation of the function. That's what helps foster a corporate culture where our contributions are understood and respected. Forming and keeping those internal ties can be as simple a proposition as scheduling periodic lunches or meetings with relevant personnel; just about any format for keeping in touch will work, as long as it upholds the organization's cultural standards and the internal audit function's independence. </p><p>This is critical: We don't have to sacrifice our objectivity to successfully partner with our clients. 
Indeed, some of the best, most useful audit observations come from colleagues — the board, C-suite, line management, or hourly employees — who trust us. </p><h2>Providing the Melody</h2><table class="ms-rteTable-default" width="100%" cellspacing="0"><tbody><tr><td class="ms-rteTable-default" style="width:100%;"><p>​<strong>My Song</strong></p><p>The CIA designation I received more than 30 years ago means more to me now than ever. As our profession evolves and our influence grows, the CIA reflects our commitment to professional standards and confirms our value as trusted advisors to our growing network of stakeholders. </p><p>In fact, the relevance and impact those three letters represent today would have been hard to imagine when I completed my first internal audit in 1983. I remember when workpapers were prepared manually on narrative sheets and columnar pads, red and blue pencils were used for tic marks, and all reports were handwritten and left with the stenographers to be typed up later. Facsimile machines were the epitome of high tech.</p><p>At the time, I was in an internal audit position with JCPenney Co., where I benefited from outstanding training. Over time, I moved through the company’s Pittsburgh, Philadelphia, and Dallas offices. I’ve been with the Blue Cross Blue Shield Association (BCBSA) in Chicago since 1999, where I serve as the vice president, chief auditor and compliance officer. BCBSA is a national association of 36 independent, community-based, and locally operated companies that together cover more than 107 million members. </p><p>The scope of my internal audit work includes our Chicago and Washington, D.C., offices. We build an annual plan as a guide for addressing identified risks and then adjust it as necessary. Interestingly, many of the audits come in the form of management requests, which I consider validation that management perceives the value of our services. 
As compliance officer, I administer our internal code of conduct, business ethics training, conflict of interest process, and compliance helpline, and I am responsible for our national anti-fraud department, which supports the Special Investigation Units battling health-care fraud at each of the Blue Cross Blue Shield licensees. It is important to note that transparent and mitigating controls have been long established to maintain the independence of our internal audit function, despite these “second line of defense” responsibilities.</p><p>I was encouraged to volunteer for the IIA–Dallas Chapter shortly after becoming an IIA Audit Group member in 1989. Since my first committee assignment, I’ve filled an almost unbroken string of committee, officer, and local board roles, including serving as the IIA–Chicago chapter president and on various international and North American committees and assignments. I was the 2015–2016 chair of The IIA’s North American Board, which oversees all IIA operations in the U.S., Canada, and the Caribbean. During my term, we went through an intensive strategic planning session to make sure we synched appropriately with The IIA’s revised Global Strategic Plan. </p><p>The IIA’s Global Board — the governing body of The Institute — also has undergone a recent strategic refresh, and we’re better equipped than ever to manage The IIA, itself, and to provide the guidance and information that individual chapters and affiliates, as well as individual practitioners, count on us for every day. Our long-standing motto is Progress Through Sharing. My theme is Audit in Tune. I hope that when you combine those messages, what emerges is an orchestra of internal audit professionals helping each other achieve world-class results. Let’s have a great year.</p></td></tr></tbody></table><p>For internal auditors to provide the melody behind their organization's success, they need the right instruments. That's where The IIA comes in. 
Ultimately, it is The IIA's responsibility to provide internal auditors with the information they need in advance — before challenges grow too large — so they can then provide real value and unique insights to their own stakeholders. </p><p>Challenging times loom, and The IIA stands ready to help internal auditors face them with streamlined organizational governance as nimble and flexible at the global level as individual internal auditors must be every day. When internal auditors turn to The IIA for support and assistance, The Institute must respond quickly with the required updates and details. Beginning two years ago, The IIA embarked on a comprehensive assessment of its own governance practices, benchmarking as it progressed against a wide variety of resources. Two of the key outcomes of that review were a significant reduction in the size of the Global Board — from 38 members to 17 — and elimination of the 10-member Executive Committee of the Board. In a sense, the entire 17-member new Board will function as an Executive Committee. Those changes were approved by the membership in May 2018, and they became effective with our Annual Business Meeting in July 2019. </p><p>Moving forward, one of the many expected outcomes of the change to a leaner, more-laser-focused approach will be a more nimble decision-making process at The IIA's Global Headquarters, so it can respond to emerging issues more timely, while maintaining a focus on the strategic issues involved in operating an enterprise this large. This enables the Board to provide forward-thinking guidance both to the organization and to the organization's members. </p><p>The IIA's reorganization and ongoing efforts are designed with rhythm and harmony in mind, too, of course. 
They're the other elements — "rhythm" is developing our skills at performing the basic functions of our profession, and "harmony" is expanding contact and colleague networks within our organizations — that combine with "melody" to create the music internal auditors make when they audit in tune.</p><h2>Achieving Harmony</h2><p>In music, harmony is achieved with chords that move from beginning to middle to end, combining individual notes into richer, deeper sounds that blend multiple individual sonic expressions to tell a more impactful musical story. In internal auditing, harmony is the influential role auditors play in our organizations' success. Internal audit needs to be in lockstep with all of our stakeholders — and manage our audit processes in a way that's structured to hold everything together. That enables auditors to identify the key risks facing our organizations and ensure that our audits are timely, relevant, and responsive. This includes providing useful, meaningful advice on mitigating and exploiting those key risks, as appropriate.</p><p>At my organization, the Blue Cross Blue Shield Association, we're fortunate to operate in an environment with a strong ethics and control culture that supports the work we do — and that facilitates collaboration among colleagues with shared goals and interests. You might say we operate in a "harmonious" environment. </p><p>In music, harmony can come from a musical instrument or an orchestra, a voice or a choir. And if we audit in tune, the music we make can come in any format, as long as the right content is there. For example, when it comes to documenting our work, it doesn't matter whether our instrument of choice is a simple desktop application or a vendor-supplied workpaper tool — nor whether you're a solo act or part of the 100-plus member London Philharmonic Orchestra. 
At the end of the day, we all need efficient, professional, clear, and objective techniques to validate and support our audit observations and recommendations.</p><h2>The Rhythm of the IPPF</h2><p>The techniques internal auditors use, no matter how sophisticated, must be based on the basics of our profession. Every piece of music has a backbone of rhythm — it's the building block that supports a song. Similarly, when I talk about rhythm as part of my theme this year, I'm referring to internal audit's need to master and employ the fundamentals of the field as the processes we use, and the stakeholders we serve, continue to evolve. Indeed, as stakeholder expectations increase for many internal audit departments, we need to remember that credibility — one of our most valuable qualities — comes from both current knowledge and command of the basic skills that define a profession.</p><p>Demonstrating our command of the critical fundamentals of our work begins with the implementation of the International Professional Practices Framework (IPPF). The IPPF really should underpin everything we do as we engage in frequent and robust discussions with our audiences — our boards and audit committees, senior and operating managers, and, importantly, regulators. Consider the IPPF's Code of Ethics and <em>International Standards for the Professional Practice of Internal Auditing</em> to be the sheet music from which we should all be playing. The functions it facilitates — our ability to proactively identify and prioritize corporate risks, maximize finite audit resources through efficient and innovative audit techniques, and develop value-added recommendations for enhancing operations to help management achieve its objectives — are tangible metrics internal auditors can demonstrate.</p><p>I'm also a relentless advocate for professional certification. 
Becoming more complete internal auditors requires us to support the Certified Internal Auditor (CIA) designation, a globally recognized symbol of professionalism that demonstrates our ability to play a leading role in elevating organizational success. The CIA reflects our commitment to continued professional growth and development and shows our value as trusted advisors. Truly, it plays an instrumental role in helping us make our mark on our organizations and our profession. </p><h2>A Brand New Beat</h2><p>We have the opportunity to maximize our results when we audit in tune. Enhancing our rhythms, harmonies, and melodies will be increasingly critical in the future. The key challenges we face — remaining relevant and increasing our value to stakeholders, given the pace of innovation and changing risks; providing consistent work product quality, given the varying maturity of the function globally; and the continuing need to increase our skills — will demand every resource we can command in response. </p><p>It's time for internal audit to move to a new beat — each department's and each practitioner's unique blend of industry insight and strategic smarts — in every geography The IIA represents. And it's time to take center stage for broader and broader audiences. But as we do so, we can't forget our fundamentals. Let's take on the challenges ahead as a band of professionals making our own kind of music. </p>Mike Joyce0
Relevance Amid Disruptionhttps://iaonline.theiia.org/2019/Pages/Relevance-Amid-Disruption.aspxRelevance Amid Disruption<p style="text-align:justify;">Disruptive trends and technology will have a profound impact on employment in the coming years, according to The World Economic Forum's The Future of Jobs Report 2018. Already, the report says, business model disruptions are swiftly impacting skills for both current and emerging jobs across industries. Disruptive technologies like robotic process automation, machine learning, the Internet of Things, and blockchain, as well as the automation of business and assurance processes, are factors determining skill requirements for the current and future audit workforce. Moreover, the lead time to upskill is decreasing, whereas the proportion of core skills required to perform a job will rise incrementally. <br></p><p style="text-align:justify;">The employment impact of disruptive technological, demographic, and socioeconomic changes suggests two future scenarios — either limitless opportunities in newly emerging job categories (the optimistic view) or massive labor substitution and displacement (the pessimistic view). Either possibility is feasible, and opinions differ on which is most likely to unfold. <br></p><p style="text-align:justify;">I foresee massive opportunities for professionals who continually re-skill themselves and commit to lifelong learning. To ensure a lasting career shelf life and remain professionally relevant in the coming years, internal auditors need to pursue a strategy of continuous improvement. Ten steps, in particular, can help practitioners thrive amid disruptive organizational change.<br></p><p style="text-align:justify;"><strong>1. </strong><strong>Ask Yourself — What Did </strong><strong>I</strong><strong> Learn Today? </strong>Anyone seeking career growth should strive to learn something new every day. 
Remaining well-informed and keeping up to date on new business and industry trends is essential to professional success. The World Economic Forum report recommends incentivizing lifelong learning as a strategic long-term solution for its predicted skill shortage. Regardless, every professional should recognize the value of continuing education and develop themselves accordingly. As a starting point, anyone can access a treasure trove of information simply by looking at his or her organization's annual report. These important documents contain edifying details on strategy, industry trends, key initiatives, and primary areas of business focus. Moreover, productive areas of learning and development could include cognitive technology, General Data Protection Regulation assurance, cybersecurity imperatives, culture auditing, integrated assurance, Agile internal auditing, data analytics, predictive analysis, and automated assurance methodology. <br></p><p style="text-align:justify;"><strong>2. </strong><strong>Don't </strong><strong>Equate Time With </strong><strong>Experience </strong>Professional<strong> </strong>experience should be based on competency and expertise, not on timelines. Thinking of experience simply as the number of years spent in a role or function is a dangerous mistake. In fact, with the speed of innovation and change in today's businesses, experience has become virtually meaningless as a measure of value. Nearly two-thirds of surveyed organizations from The Future of Jobs Report say that, as part of their learning strategy, they plan to invest in re-skilling current employees. Internal auditors should seek to build competencies and expertise for the future, learn as much as possible while working, and keep exploring new processes and technologies. 
They should pursue innovations in their work and in their engagement with stakeholders, and they should not be content with repeatedly doing the same thing the same old way.<br></p><p style="text-align:justify;"><strong>3. </strong><strong>Read at Least Five Hours a Week</strong> According to The World Economic Forum report, problem solving and critical thinking are among the key skills needed for 2022. With increasing geographical and cultural diversity in the workforce intermingled with higher use of disruptive technology for work across industries, such soft and behavioral skills will be in greater demand. Reading books can help enhance these skills. A daily reading habit, or any routine that would amount to at least five hours of reading each week, can open up new windows of thought and introduce unique perspectives. Broadened understanding and exposure to new points of view are essential to effective performance and growth as a professional.  </p><p style="text-align:justify;"><strong>4. </strong><strong>Get Trained and Certified</strong> More than a third of the desired core skills projected for 2022 are not yet considered crucial for today's work<strong>,</strong> according to The World Economic Forum report.<strong> </strong>Disruptive technological changes bring with them the demand for newer skills. For this reason, no one can afford to rest on past laurels and qualifications. Instead, internal auditors should research available training or certifications, enroll in their organization's in-house training programs, or request sponsorship for external training. Professional associations, roundtables, and clubs can also be valuable sources of knowledge, continued professional education, and connections to industry. <br></p><p style="text-align:justify;"><strong>5. </strong><strong>Accept That Change Is Inevitable</strong> To paraphrase the ancient Hindu text <em>Bhagava</em><em>d</em><em> G</em><em>i</em><em>ta</em>, what is born has to die. 
Nothing is permanent, including change, which itself is always changing. Moreover, no one is indispensable. The role you occupy today was likely held by someone else previously — and you may choose to leave that role soon, or the organization may replace you with someone better. Avoid becoming so emotionally rooted into your current role that uprooting or moving becomes onerous. Treat every change as an opportunity; prepare yourself and be ready to move on.<br></p><p style="text-align:justify;"><strong>6. </strong><strong>Embrace Change</strong> Many organizations are on a high-speed innovation path, and innovation is a catalyst for change. Be part of the change, not a roadblock to it. Rather than wasting time endlessly questioning change, be the first to identify the need for new competencies and upskill accordingly. Often, disruptive changes create an urgent skill gap inside organizations, thus creating new opportunities for early adapters. The key for internal audit to remain relevant to the organization is a willingness to use new technologies and quickly adopt new methods of working (e.g., Agile internal audit, integrated/automated assurance, alternative staffing models, etc.). Only those who keep pace with organizational aspirations can create real value for the business.<strong> </strong><br></p><p style="text-align:justify;"><strong>7. </strong><strong>Don't Fall Into the Supervisor Trap</strong> Many professionals share the common ambition of growing in the organization and advancing to positions of leadership. But focusing only on managing people, and neglecting to develop other skills, can be a professional death trap. The higher someone rises in the organization, the more vulnerable he or she becomes. Managers are closely watched, with every move analyzed in detail by subordinates and management alike. Hence, managers cannot survive for long on their strengths in resource administration, team management, and interdepartmental relations alone. 
They need to also focus continually on building depth of expertise. Managers need to explore the functional or technical aspects of the operations they manage, learning in detail about their operational area, business segments, existing and upcoming technology, and best practices. Doing so will earn both respect from the supervised team and the trust of management.  <br></p><p style="text-align:justify;"><strong>8. </strong><strong>Never Stop Asking for Feedback</strong> It's important to perform a job well and to be satisfied with it, but it's more important to ask clients whether the job was delivered as expected. Always look for genuine and constructive feedback — if it isn't provided voluntarily, seek it out. Take all feedback with an open mind, analyze it, and work toward improvement. Listening to the client is the only way to remain focused on what's important and to serve as a value creator for the organization. <br></p><p style="text-align:justify;"><strong>9. </strong><strong>Don't Overvalue Job Security </strong>As The Future of Jobs Report emphasizes, job security is in decline, whereas compensation and work-life balance have increased. While having a secure job can provide comfort, a strong desire for security may limit career potential and prevent exploration of new opportunities. A larva may be safe while remaining inside its cocoon, but to grow it must leave these safe confines and take flight. Likewise, internal auditors must resist fixating on security and seek broader professional horizons. Social networks such as LinkedIn and Xing and engagement with like-minded peers can present a wave of opportunities. Be ready to leave your safety net, remain alert to new opportunities, and take on new challenges. Always share knowledge or experience gained with peers, and learn from others. <br></p><p style="text-align:justify;"><strong>10. 
</strong><strong>Treat Your Job as an Investment</strong> Your current job should be an organizational ladder, not a plateau. Always view the time, effort, and energy put into your current role as an investment, and treat it as a stepping stone for the next position. Doing so will keep you motivated to work hard and perform better. At the same time, as with any investment, always assess the expected rate of return. Ask yourself what future role your current one will lead to. Does that role interest you? If the future path is hazy or undesirable, or if your career has become stagnant, continuing in the current role is pointless. Start looking for a more appealing position — one that aligns more closely with your interests and ambitions. </p><p style="text-align:justify;">As an overarching principle to these steps, every professional should consider what ultimately drives him or her. What would you do if you didn't have to go to work tomorrow? What makes you happy, sparks your interest, and ignites your enthusiasm? Perhaps there's an area you've always wanted to explore but for various reasons couldn't devote attention to it. Find your passion — a rewarding pursuit that excites and motivates you. If you have one already, start thinking about how you might parlay that interest into a fulfilling vocation. If you don't have one, find your interest and explore the possibilities. Engaging in meaningful, stimulating work will uplift your professional life and bring long-term satisfaction to your career. <br></p>Parthasarathi Jha1
