Professional Proficiency: What Does That Really Mean for Internal Auditors?
October 10, 2013
As professionals, internal auditors are expected to possess a number of core attributes. An overarching attribute that is not the subject of very much discussion is "professional proficiency." Most of us understand that professional proficiency is an expectation, but what does it really mean?
IIA Standard 1210: Professional Proficiency requires internal auditors to possess the "knowledge, skills, and other competencies required to perform their individual responsibilities." I fear that many assume that one automatically demonstrates his or her proficiency by obtaining appropriate professional certifications and qualifications, such as the Certified Internal Auditor (CIA) or Certification in Risk Management Assurance (CRMA) offered by The IIA. As important as qualifications are, however, I believe that demonstrating professional proficiency is an ongoing process. Proficiency must be demonstrated in every professional task we undertake.
According to Practice Advisory 1210-1 (PDF), proficiency means:
- The ability to apply knowledge appropriately without technical research or assistance.
- Understanding of accounting principles and techniques (if we are conducting financial-related audits).
- Ability to recognize the indicators of fraud.
- Knowledge of key IT risks, controls, and technology-based audit techniques.
- Familiarity with management principles and good business practices and the ability to apply that knowledge to recognize significant deviations and recommend reasonable solutions.
- Human relations skills to maintain satisfactory relationships with clients.
- Oral and written communication skills to clearly and effectively convey engagement objectives, evaluations, conclusions, and recommendations.
I don't believe that every internal auditor has to be an expert on everything, any more than a goalkeeper should be expected to be able to play every position on a football/soccer team. It is incumbent upon each of us, however, to learn as much as we can so that collectively we can field a winning internal audit team for our organizations.
But while Practice Advisory 1210-1 makes allowance for chief audit executives to recruit outside experts to fill knowledge gaps in the internal audit team in the short-term, I would submit that it is the job of every member of the internal audit team to work constantly to fill those gaps through continuing education, diversity of experience, and certification.
As I have often written here, the internal audit profession is constantly evolving, adapting to a changing risk landscape to identify emergent risks and align with the changing goals and objectives of the board and senior management. As a practical matter, that means we can never rest on our laurels. We should always be updating our skill set. As change agents, we must never allow ourselves to become complacent or assume that colleagues will cover for us in areas where we might not be experts.
When I was first appointed as Inspector General of The Tennessee Valley Authority, I was in awe of the fact that I would be leading the audit operations of the nation's largest wholesale producer of electricity. It would have been easy for me simply to defer to the expertise of my highly qualified audit team. However, I felt that I needed to have some proficiency in electric power generation and distribution to enhance my credibility in leading the organization. So I enrolled in one of the basic electric utility courses that the company offered to entry-level employees. It did not make me an expert, by any means, but it certainly enhanced my proficiency.
Unless we are willing to step up as individuals and even internal audit leaders, our internal audit activities won't be proficient, and we will not be able to demonstrate the value that our stakeholders have a right to expect.
Are you proficient? How do you keep your skills current? Let's have a dialogue. I'd love to read your thoughts.