One of the things I enjoy most about social media is its ability to stimulate passionate and seemingly endless debates over the most insignificant topics. For many, these debates take place on Facebook or Twitter. For internal auditors, LinkedIn tends to be the platform of choice. For the past few days, internal auditors and others have been chewing on one particular LinkedIn post like a "dog with a bone."
It all started about two weeks ago with the following post to The IIA's Official Global Group:
"Should the internal audit profession be the preserve of chartered accountants only? Or should it be opened up to people with diverse professional backgrounds?"
Now, I am quite certain that the individual who posted this question knew that it would be provocative and would stimulate a lot of debate — and it certainly has. As of this writing, almost 40 comments have been posted. Almost all of them have taken the position that modern internal auditing is a profession that mandates a diverse set of skills. A few have derided the very question itself. In fact, a few days after the question was posted, I posted the following response:
"Given the evolving focus of the internal audit profession in recent years (for example in 2013, only about 21% of internal audit coverage is financial-related), the better question might be: 'Should the internal audit profession still recruit chartered accountants or should it only be recruiting people with diverse professional backgrounds?'"
While the original post and my response might evoke a smile — or frown, depending on your point of view and the credentials you hold — they were both designed to stimulate debate.
To address the more serious topic of internal auditor qualifications, I point you to IIA Standard 1210: Proficiency, which states:
"Internal auditors must possess the knowledge, skills, and other competencies needed to perform their individual responsibilities. The internal audit activity collectively must possess or obtain the knowledge, skills, and other competencies needed to perform its responsibilities."
There was a time when internal audit focused almost exclusively on financial risks and controls. However, this is the 21st century, and the profession has evolved dramatically. While a well-resourced internal audit function will include individuals with strong financial backgrounds (such as certified public accountants (CPAs) and chartered accountants (CAs)), it also will include a much broader diversity of skills than internal audit functions of a generation ago. It's likely to include individuals with expertise in business operations, IT, compliance, fraud investigation, and many other areas. If I were looking for a specific credential that demonstrates knowledge and proficiency in internal auditing, I would look for a professional who is a Certified Internal Auditor (CIA).
So, to summarize, modern internal auditors must follow the risks. That requires more than just financial expertise. But yes, CPAs and CAs can be internal auditors, too.
I welcome your thoughts on this topic.