Posts Tagged “Auditor job description”

Have you ever had one of those days where you were determined to write that audit report? So you block off the time on your calendar, go into your office, shut the door, remove any and all distractions and breathe. Because now is the time to take all of those thoughts and perfect phrases running wild in your head and put them on paper. You sit down at your desk ready to make it happen. And you come up with nothing.

You decide to invite a colleague in to assist. Because after all, two heads are better than one. The two of you discuss the issues thoroughly, but nothing seems to sound right.

Writing objective observations takes time, skill, and tact. And if you’re like any other auditor, the audit issues sound wonderful in your head. But by the time you formulate the right words, reach for your pencil and place it on paper, that wonderful wording has become a distant memory. It’s worse if you’re in a group setting because you now become frustrated as the group begins asking you to repeat what you said. Unable to remember words uttered only seconds prior, it is only then that you realize how old you truly are.

If you’ve ever faced this situation, do not fear. There are several tools and techniques you can use to speed up and improve your report writing. But first, we must address the five big problems with writing reports:

1. We think faster than we write
2. Our million dollar thoughts come at the wrong time
3. We believe in writer’s block
4. We look for perfection in the first paragraph
5. We don’t understand and/or appreciate the writing process

5 Problems with audit report writing
We think faster than we write
We’ve all been there. Browsing through our cabinets trying to make a mental grocery list. Then you reach the point where there are too many items to remember. You decide to write a list. You reach for your paper and before the pen touches the pad, you’ve already forgotten the five items you wanted to write.

Our brains are fascinating. I can remember where I was in the summer of 1989, but I cannot remember what I ate for breakfast this morning. It is that forgetfulness that can derail your report writing.

Our million dollar thoughts come at the wrong time
Worse yet is when you have this wonderful idea, but then realize that it is 5:00 o’clock and you are stuck in traffic. There is no way you can capture that great thought without causing a pile up. So you try other techniques. You turn off the radio and repeat whatever it is over and over. You hope to continue this until you get home, or at least until you get to a stopping point. Of course something interrupts your thought and you forget what you were trying to remember.

We believe in writer’s block
Some people believe that writer’s block is a thing. I’m here to tell you, it is not. At least in the context of business writing or internal audit reports. Wikipedia define writer’s block as follows:

“Writer’s block is a condition, primarily associated with writing, in which an author loses the ability to produce new work or experiences a creative slowdown. This loss of ability to write and produce new work is not a result of commitment problems or lack of writing skills. The condition ranges from difficulty in coming up with original ideas to being unable to produce a work for years. Writer’s block is not solely measured by time passing without writing. It is measured by time passing without productivity in the task at hand.”

As you can see, writer’s block is a primary concern for creative writers. Our audit reports are, or should be, factually based non fiction. We are taking a series of facts, placing some logic and order to those facts, and providing management with a conclusion. What we are not doing, is creating new characters or developing plots and story lines. We know the beginning, middle and end of the story. Therefore, we know what to say. The problem is how do we say it so that it has the best impact given within the culture of the organization.

We look for perfection in the first paragraph
Because audit report writing is simpler than creative writing, we believe that we should be able to sit down and create the perfect prose in minutes. After all, we know the beginning, middle and end of the story. When we finally put pen to paper, our initial draft is usually not good. We then become frustrated. But I believe that frustration is because we don’t understand the writing process.

We don’t understand and/or appreciate the writing process
All the magic happens in the editing. Any writer will tell you this. Ernest Hemingway famously once said that “The first draft of anything is ****” (insert a very bad word here). As someone who has had articles published, I can tell you this is true. I can recall the first time I sent something to an editor. I thought it was an okay piece. But what came back was a magnificent manuscript. I fined tuned it a little and the result was something we were all pleased with. The writing process does not require perfection at the start. Your initial goal is to get something on the page. After that, trust the process and let the magic happen in editing.

3 tools you can use
Google voice typing
Because our brains seem to signal our mouths to speak faster than our hands can write, voice typing is the perfect shortcut to getting those wonderful words out of your head and on paper. For those unfamiliar with voice typing, you talk, it types. It’s as simple as that. Well, sort of.

The best free voice typing tool I’ve found is through Google. Log in to your account. Then, access Google Docs and open a document. Go to Tools, then Voice Typing (or you can press Ctlr+Shift+S).

You will see a microphone that may say Click to Speak. Click it, talk to it, and watch the magic happen. You will need to learn certain commands like period, comma and new paragraph. But other than that, if you speak clearly, it will recognize most speaking voices and words.

Your Cell Phone voice recorder
If barking out commands to your computer isn’t your thing, you’re in luck. There’s another option. If you’re like me, your cell phone is probably within arms reach. Grab your phone and go to your favorite app store. Search for a voice recorder. You should see several. Download one that piques your interest.

You can now record yourself talking about the audit issues. Now you will never miss that wonderfully worded paragraph that would sound great in an audit report. Once recorded, you can listen to the recording and pull out the impactful paragraphs.

Transcription
If you truly believe the recording represents your best work ever, you can have it transcribed. Yes, you heard me, transcribed. It’s not as bad or as expensive as you think. Before I get into that, I must say that I am not being paid by nor am I endorsing these specific products. there are several transcription services that I have used. Some use live transcribers while others use automated engines.

Summary

Writing audit reports can be a daunting task. But it has to be done. Nowadays we have a lot of tools that can help streamline the process. Many of the biggest issues start with us. Writer’s block is only as real as we allow it to be. Sit down and put something on paper. Use some electronic tools to get your words on paper. Almost any words will do. Afterall, the magic happens in the editing.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The world of internal audit continues to advance. In recent years, audit teams have increasingly used data analytics and cloud technologies to increase efficiency and improve assurance. Now, emerging technologies like AI and robotic process automation (RPA) are further making their way into internal audit. Audit International take a look at what effect this will have on Internal Audit and Financial Services in the future.

It’s still early days, but the trend toward automation is clear. In fact, when asked about emerging technology, 20% participants of a recent audit teams survey said they’re already using RPA. In addition to that, 12% said they’re using AI, 3% said they’re using blockchain, and 15% said they’re using more than one type of emerging tech.

These technologies, particularly RPA, have the potential to enhance audit quality. For example, RPA can enable internal audit teams to spend more time collaborating with other departments and sharing results with boards, rather than getting bogged down in repetitive, less strategic tasks.

And in data-centric industries like financial services, these technologies can make a particularly large impact, as we’ll examine in this article.

What is RPA?
Physical robotics can perform motions that automate repetitive tasks, like putting a cap on a bottle or moving a box from one place to another. Similarly, RPA automates repetitive tasks, but the difference is that RPA is centered around software, not hardware.

“Robotic process automation (RPA), also known as software robotics, uses automation technologies to mimic back-office tasks of human workers, such as extracting data, filling in forms, moving files, et cetera. It combines APIs and user interface (UI) interactions to integrate and perform repetitive tasks between enterprise and productivity applications,” explains IBM.

What does RPA mean for internal audit?
One way that RPA can be used for internal audit is to make data-related tasks more efficient.

“If we cut to the chase, the job is straightforward: we download data, analyze it, and use it to discuss processes and controls…The issue is that we waste a lot of time obtaining and formatting data for each audit—the same tables and charts repeatedly,” writes Jean-Marie Bequevor, Expert Practice Leader Internal Audit at consultancy TriFinance, in an article for Internal Audit 360°.

RPA can also help to automate periodic reporting. If you know certain information is needed in every report, then an RPA program could potentially be set up to obtain and fill that information.

That said, RPA can also carry risk, both in terms of the use of RPA in audit programs and the use of RPA across other departments. Internal auditors need to consider RPA internal controls to make sure that RPA is being used appropriately. You wouldn’t want to end up with a misprogrammed bot that creates errors or security holes.

What does RPA mean for financial services?
In addition to being used for auditing, RPA can also play a role in corporate finance and the financial services industry more broadly.

Finance professionals — ranging from corporate treasurers to wealth managers to mortgage lenders — deal with large quantities of data. With RPA, financial services professionals can automate data-related processes like data collection, data cleansing, and analysis.

For example, an investment analyst might use RPA to improve their research process. Instead of manually creating and assembling a clean spreadsheet full of financial data, an RPA tool could automate that, freeing up time for the analyst to engage in more complex, nuanced tasks.

RPA in financial services can also help when it comes to client service and marketing tasks. For example, banks could automate activities like identifying customers that are a good fit for credit card offers or loan products. Rather than sending out these offers to all customers or manually reviewing every client file, an RPA program could be set up to compile a list of customers that meet certain criteria.

These are just a few of the many ways that RPA can be used in financial services and internal audit in general. A repetitive, data-oriented business process tends to be a good candidate for RPA. Many of these types of tasks exist in the financial services industry in areas ranging from compliance to customer onboarding.

With automation, financial services firms can free up time and focus on higher-value work, like building customer relationships and identifying new revenue opportunities. Meanwhile, internal audit professionals can use RPA to efficiently provide assurance.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have compiled a list of do’s and don’ts for auditors when potential wrongdoing surfaces.

Fraud can occur within any organization regardless of size or sophistication, even when internal controls seem effective. Despite this harsh reality, many audit clients and auditors are caught off guard when they become aware of alleged fraud. This article addresses how auditors should respond if suspicions or allegations of fraud surface during a financial statement audit.

To begin with, it is important for an auditor to remember the definition of fraud in the context of an audit – “An intentional act by one or more individuals … involving the use of deception that results in a misstatement in financial statements that are the subject of an audit”

With allegations of fraud, the key consideration for an auditor is whether the fraud might result in material misstatement of the financial statements. While allegations of fraud should always be appropriately considered by the auditor, not all fraudulent acts will necessarily have a material impact on the financial statements. Auditors are mainly concerned with misstatements that result from either fraudulent financial reporting or misappropriation of assets.

Before discussing what to do as an auditor if you become aware of potential fraud, let’s highlight first what you should not do: Never draw conclusions of guilt or innocence
The legal determination of whether fraud has occurred is made by a judge or jury, not by management and not by the auditor. So, when suspicions or allegations surface during an audit, it is important not to make conclusive statements of guilt or innocence either orally or in writing.

Instead, advise your audit client to seek legal counsel regarding what steps to take in response to the allegations. Even though the client’s action or inaction in addressing suspected fraud may affect the trajectory of the audit engagement and raise issues such as whether an audit firm can issue an opinion or should withdraw from the engagement, it is not the auditor’s role to be legal adviser to the audit client. The auditor instead needs to focus on an appropriate audit response to the situation within the context of generally accepted auditing standards.

WHAT TO DO IF THERE IS SUSPECTED FRAUD

Our discussion to this point has focused mainly on what not to do, so what should you do if you become aware of suspicions or allegations of fraud during an audit?

Notify the right people :
Depending upon who is suspected of the fraud, identify the appropriate members of management or those charged with governance to contact. Notify only those client parties who need to know.

Ask questions :
Gather essential facts about the suspicions or allegations relevant to the audit.

Document your actions and determine the situation’s effect on the audit :
Consider the possible outcomes of a client’s fraud investigation and its impact on the audit, which could include termination of the employee accused of wrongdoing, a fidelity bond claim, legal action, or a combination of these. How a client responds to such allegations or suspicions of fraud will directly affect how an auditor should respond. If a client does not take such allegations seriously, withdrawal from the engagement may be necessary.
In summary, when suspicions or allegations of fraud surface during an audit, it is extremely important to demonstrate a sufficient response to the situation to support the auditor’s conclusions on the engagement.

And finally, make sure you are asking yourself these KEY QUESTIONS.

As you gather information relating to allegations or suspicions of fraud during an audit, consider the following key questions:

– Who will investigate the suspicious activity and follow up on the allegations?
– What are the client’s policies, and what outcomes may come from its investigation, such as termination of the employee, a fidelity bond claim, legal action, or a combination of these?
– What financial statement misstatements are suspicious? What transactions are suspicious? What assets are suspected of being missing?
– Who is the suspect? Is there more than one?
– How long has the suspect been employed at the organization? Note: The worst-case scenario is when allegations are toward a very long-tenured employee with limitless access and authorization to the organization’s assets and systems throughout his or her tenure.
– What is the period under suspicion?
– What roles/positions did the suspect have throughout his or her employment tenure?
– What access does, or did, the suspect have to assets and systems throughout his or her tenure?
– What are the possible ways the suspect could have committed fraud, considering his or her access and authorization to assets and systems? Has the suspect confessed to committing fraud? If so, what did the suspect confess?
– Are there any controls in place that would mitigate fraud risk and limit the amount of possible fraud committed?
– Can you estimate a “worst-case scenario” amount of how much cash or how many assets were stolen?
– What misstatements to the financials could result from the suspected fraud? Consider the possible impact on beginning net assets if prior years are involved.
– What disciplinary measures have already been taken toward the suspect? Did the client place the suspected employee on leave and limit his or her access to assets and systems?

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The role of an IT Auditor within an organisation is to maintain the security of the company’s IT systems, ensuring they are efficient and cost effective. They must maintain the firm’s internal controls, records and data as well as to help organisations operate within the law to guarantee they’re not in breach of compliance and regulatory standards.

When it comes to the types of questions an individual can expect upon applying for IT Audit jobs, Audit International got the inside scoop when they sat down with a Company Director, to get his insights on what candidates can expect.

The likelihood is that the interviewer will start with questions aimed at getting a good sense of a candidate’s technical background. Questions around certain controls within a tech environment, networks, routers and so on.

The purpose of these questions is to get a sense of a candidate’s technical background, as well as their understanding around IT governance, IT general controls and IT risk management. This is your chance to demonstrate the way you evaluate IT and your examination of it in relation to IT risk and IT control frameworks.

Other questions will be focused on drawing out whether a candidate is right for the role in question as there are so many different specialisations within IT Audit, including cyber security, IT General Controls and applications, infrastructure or data. So, the interviewer is hoping to see where a candidate fits best within the business as well as getting an idea of the types of technologies they’ve had exposure to. This could be directed at the different types of environments you’ve had experience with, such as Linux and UNIX or it could be broader in terms of the networks and databases you’ve worked on.

In this day and age employers are definitely looking for individuals who are more technically competent and SME specialised rather than being IT generalists.

The next thing interviewers will want to assess is a candidate’s soft skills, as well as their ability to cast a helicopter view across the business as a whole, which could prompt more situational questions:

How do you face off to senior executives?
How do you deal with stressful situations?
What is your tactic for delivering negative feedback to the business or to a colleague?
If you encounter a difficult stakeholder, how would you go in and manage their expectations?

You will also be asked questions regarding your communication skills, specifically when it comes to relaying information to non-IT people. They want to see that you’re comfortable breaking down the technicalities of IT into layman’s terms in order to make it accessible to those non-technical people both at board level and elsewhere in the business.

Tell us about a project you’ve worked on.

A lot of IT Audit shops will run audits as projects which may lead to questions around specific ones you’ve worked on and other questions around project management.

Tell me about a technical problem you’ve encountered.

This is your opportunity to talk about an issue you’ve gone in to evaluate and how you’ve interacted with a non-IT user, built that relationship in order to identify the problem and worked with them to resolve it.

Moving on from soft skills, the interviewer will likely want to broach a candidate’s awareness of risk and controls. The line of questioning may be centred on databases for instance:

What types of controls would you be looking for?
Where do you think the weaknesses might be? What about areas of resilience?
Are there any security or compliance issues based on that?

Candidates really need to show how well they can evaluate these issues. It’s about providing enough detail so that you cover all the relevant points an employer would be looking for, while also contextualising your answers within the broader scope of the business’s needs. You need to show industry awareness beyond your technical qualifications.

Why do you want to work in IT Audit?

Some candidates may be coming from the Big Four, which is a fairly classical move into IT Audit, though of course other people will be coming from different backgrounds and disciplines, so the interviewer is going to want to understand the motivation behind your chosen career.

IT Audit is different to business audit, for the latter you need to be an SME in a particular area. If you’ve been working in manufacturing for 10 years, it would be very difficult for you to move into banking audits for instance. However, as an IT auditor perhaps within the cyber security space conducting third party assessments looking at cloud security and so on, though that is a very specialist area, you would have an easier transition between industries. Overall, the important thing an interviewer will be looking for is valid and researched reasons for wanting to work in that industry.

What is your perception of IT Audit, specifically with regards to this business?

This is where you can demonstrate that you’ve done your homework on the company and explain how you see the role of IT Audit and its subsequent benefit to the business. This can also lead onto a discussion around where you see your career in IT Audit progressing, whether that’s moving up the ladder of IT Audit itself or using it as a platform to move into another area of the business.

Where do you see your career going in the next 3-5 years?

The interviewer doesn’t expect you to know exactly where your career is going to go, but they do want to understand your ambition. Having a clear vision for your own professional development is reassuring for your potential employer and certainly helps them better place you within the business and collaborate in order to create value both for your personal progression and for the business itself.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Audit International have put together a brief guide to strategic audit planning and resourcing.

Managing your audit requires strategic planning whilst ensuring that all internal resources are appropriate and effectively deployed.

Strategic audit planning
An audit needs assessment (ANA) exercise should be undertaken to inform the development of the organisation’s internal audit strategy (IAS). This ANA should be regularly updated and the IAS amended as necessary to reflect the changing assurance needs of the organisation.

The ANA should be updated at least annually but, increasingly, organisations are seeking to achieve more organic strategies that evolve more frequently to reflect the increased speed of change which many are experiencing – particularly fuelled by technology and competition. This requires continuous monitoring of the internal and external environment, and frequent and meaningful dialogue with both senior management and the audit committee.

The ANA represents a critical ingredient in the provision of an adequate, relevant and timely internal audit. It should be used to direct internal audit resources to those aspects of the organisation that represent the greatest risk to the achievement of its objectives, and where internal audit can aid management of those risks.

The ANA process should include:
-Review of the organisation’s risk register / board assurance framework
-Review of performance management data
-Review of previous audit opinions and progress on actions
-Review of other second and third line sources of assurance
-External major incidents/risks and other factors such as industry issues
-Planned organisational changes or major projects
-Reports from regulators
-Discussion with senior management, audit committee and external audit

All of the above should be considered in the context of organisational risk appetite, current risk exposure and acceptance of risks.

In organisations which have moved their risk management arrangements on to reflect the board assurance framework, this is a useful tool in the ANA process. This approach starts with strategic objectives, the risks to achieving those objectives, and then typically the ‘three lines of defence’ within the organisation which aim to manage risk to within appetite.

The first line of defence is the internal control environment recognising the policies, procedures and processes put in place by management. The second line of defence is management’s own monitoring and risk assurance processes including those escalated up through the governance framework. The third line of defence is independent assurance, providing a position statement for internal audit within organisations.

When considering the focus of the organisation’s IAS, the board assurance framework can help internal audit identify where it can provide assistance in its ‘consulting’ role surrounding business critical risk exposure beyond risk appetite. It can also help identify where ‘independent’ assurance will add most value by focusing upon those controls which the organisation believes are managing business critical risks within risk appetite.

The IAS should prioritise reviews over a particular timeline. The timing of reviews will be driven by a number of factors such as:
-Priority for each area of coverage, in terms of the level of risk exposure and risk appetite
management or audit committee concerns regarding a particular area.
-Degree of stability in respect of systems, staff and other organisational change
-Time since last audit and audit outcomes
-When specific risks are considered likely to materialise and impact
The audit resources necessary to deliver individual assignments will be driven by a number of factors such as:

System complexity:
-Factors such as number of locations, transactions and frequency
-The assurance which can be brought forward from previous audits
-The envisaged scope and objectives of the proposed audit

The IAS and the annual plan (year 1) within it will normally be subject to audit committee review and approval, with changes in subsequent years approved as appropriate in accordance with agreed protocol.

Resource management
Few managers have a blank cheque when it comes to budgets. Internal audit is no different.

Internal audit will typically adopt a medium timeline for strategic planning purposes allowing the chief audit executive (CAE) to balance assurance needs and resources within a defined budget envelope to provide reasonable assurance to audit committee and senior management. Short term or specific skills gaps can be bridged through recruitment, training or co-sourcing.

Where the budget of the department is insufficient to meet the assurance needs of the audit committee and senior management, the CAE will need to raise such concerns and explain the impact of such limitations upon the assurance they are able to provide. The audit committee can direct a review of resources and approve as required to meet its needs.

In determining and managing the resource need:
-Identify the number of individuals, skills mix and specialist skills necessary to deliver the approved IAS
-Analyse your current resources against this need to identify resource shortfalls and skills gaps based upon realistic target -Utilisation / efficiency levels
-Allocate audits based upon skills and experience to in-house team members
-Identify how resource shortfalls will be met – recruitment, out-source or co-source
-Ensure that planned audits are delivered in accordance with the approved budgets to identify and take timely action in -Respect of any deviation to keep delivery of the audit plan on-track

When managing co-sourced or out-sourced relationships to support the audit plan:
-Tender for specialist work suitably balancing cost and quality considerations
-Ensure robust and clear contracts are in place with: requirements, pricing, confidentiality, data security, ownership of -Intellectual copyright and working papers, dispute resolution, and exit terms
-Establish clear operating procedures and approval processes within a service level agreement to ensure that each assignment is delivered in accordance with expectation

IT solutions may enable more efficient and effective internal auditing. However, this will be dependent upon a number of factors such as the size of the audit plan, size of the respective team, geographical spread and degree of standardisation or repetition within the audit plan.

Increasingly, internal audit is utilising a risk based approach to audit strategy, rather than simply providing coverage of the audit universe on a set cycle. Some of the value within traditional IT solutions can be limited and not justify their cost. Therefore as with any system acquisition you should undertake a detailed needs analysis and review the product offering to determine if it will meet those needs and provide value for money.

Likewise with increased functionality within common office IT products, there is the ability to utilise existing software to automate elements of the audit documentation and facilitate analysis of large volumes of data if it can be extracted in a common format from the organisations core management information systems.

Knowledge management
The internal audit function must develop the skills, experience and knowledge within its team members. Importantly it must also ensure that as team members change, their knowledge is retained as far as possible or transferred to other team members. Effective audit management systems, notice periods, team working and knowledge sharing practices will assist in minimising associated key person risks.

The following techniques may assist in acquiring and developing in-house skills:

-Structured appraisal and performance management
-Informed training programmes at both a team and individual level
-In-house training programmes to deliver common training needs
-Procure external training for specific specialist training needs
mentoring programmes
-Joint delivery of reviews with co-sourced providers to facilitate knowledge transfer
effective knowledge management systems.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

If the last few years have shown us here at Audit International anything, it’s that we must be ready for the unexpected. From the disruptions of the global pandemic to soaring inflation, from political scandals to a war of aggression in Ukraine—life as we know it is changing.

The public sector doesn’t exist in a vacuum. Global events have a direct effect on national public services, and uncertainty causes disruption. The public sector must adapt to these changes if it is to continue delivering essential services for the taxpayer. Long-term funding challenges, climate change, and changing demographics also add to the pressures the global public sector is facing, and with technology changing the way we work, how does the role of internal audit fit into this complex web of demands and transformations?

As organizations react to these external changes, their assurance needs will inevitably change too. If internal audit is to stay relevant, it needs to keep pace with the changing demands of the organization.
To get a better understanding of how to improve the impact of internal audit and unlock its full potential, Chartered Institute of Public Finance and Accountancy (CIPFA) asked over 800 internal audit professionals and clients from across the United Kingdom for their experiences and views.

Their research revealed that 93 percent of the internal audit leaders who responded strongly agreed that internal audit supports the management of the organization, while 88 percent of managers who responded felt the same. Although there is some disparity between the two figures, they show that managers and heads of internal audit broadly agree that internal audit contributes to effective organizational management. Despite these promising statistics, when asked questions about the specific areas where internal audit is making an impact, there was significant disagreement.

Divergent Views
The CIPFA found that heads of internal audit and their clients, the management of organizations, often had substantially different views on what internal audit currently delivers to the organization. For example, 73 percent of heads of internal audit believe that they act as an independent critical friend on committees or steering groups, with just 43 percent of management agreeing with this. More worrisome, only 35 percent of audit committee members thought that internal audit provided this role. Ninety-one per cent of internal audit leaders said they provide advice on new systems and developments, but only 62 percent of managers agreed. This disparity is common across a range of different services and roles provided by internal audit, with clients consistently believing internal audit’s input is significantly less than what the heads of internal audit believe.

This shows that heads of internal audit need to be more vocal about the work their teams are actually doing for the organization. They need to become advocates for internal audit and promote the work of their teams, while clearly explaining to management how vital internal audit is and how it can help the organization reach its goals. Only then will the input of audit teams be fully understood and appreciated by clients, managers, and audit committees.
The more management understands the role of internal audit, the more expectations they will have of it. Higher expectations mean that internal audit becomes more intrinsically valuable and more relevant to an organization, ensuring its important role in the future.

Three Areas of Focus
-More strategic coverage can also help internal audit transform and adapt for an uncertain future. We asked respondents to identify three key areas that internal audit should focus on in the future to have the greatest impact on an organization.
-Cybersecurity was the top priority, with just under 60 percent of respondents wanting internal audit to focus on this key strategic area in the next three years. Just over 50 percent identified digitization and data use within organizations as the next most important area, while 47 percent thought that climate change and sustainability would be important areas of focus for internal audit professionals in the next three years.
-The area of internal financial risk, which internal audit has traditionally provided assurance in, such as payroll and income, are generally already well managed with little exposure to risk. So, does internal audit still have a role to play in mitigating financial risk? About one-third (35 percent) of respondents said they thought financial viability was a key area for the future. This includes more strategic areas such as financial resilience and medium- and long-term financial strategies—both of which carry considerable risk to the organization. Without seeking to influence the financial policies themselves, internal audit can provide vital independent assurance to decision makers to allow them to take on more risk and be more ambitious.

If internal audit takes a more strategic role in emerging issues and provides assurance not just around internal financial risk, then it can position itself as a trusted partner to the organization. In the coming years, it will be vital for audit professionals to keep up with the changing demands of clients, and the world around us, if internal audit is to stay relevant.

– The Skills Gap
Continual life-long learning is also essential if internal audit is to stay on the front foot. It is this up-skilling that will help auditors keep pace with emerging organizational demands, like cloud computing and cyber security. Out of the heads of internal auditors who responded to our survey, 55 percent agreed that they had sufficient skills and experience to meet the needs of the organization. This is broadly similar to the number of senior managers who agreed that their internal audit teams had the skills needed. There is still room for improvement in this area.
In its 2020 report on the future of jobs, the World Economic Forum identified some key technologies that companies thought would most likely be adopted by 2025. Cloud computing, big data analysis, artificial intelligence, and cybersecurity all came out on top. These represent growth areas for internal audit and where internal audit professionals will have to upskill to provide maximum value to the organization.

Internal auditors cannot be subject matter experts in all these areas, of course, and some aspects will have to be outsourced to specialized firms. Internal auditors can, however, oversee the organization’s direction and approach to these key strategic areas, provide independent assurance and act as a critical friend where necessary. Having good communication, critical and analytical reasoning skills, financial literacy, as well as risk-based auditing skills will help internal auditors tackle these complex subject areas.
Internal audit can have a bright future. Although the world is in a particularly uncertain phase, and organizations’ assurance requirements are rapidly changing to reflect this, internal audit can still make a significant impact and provide a valuable service. But to do this, it must also adapt.
Embracing New Challenges

To stay still is to move backwards when the pace of change is so considerable. Internal audit’s future lies in embracing new challenges such as cybersecurity, financial viability, climate change, artificial intelligence and big data. It can provide organizations with the assurance they so badly need around these issues – allowing them to embrace new technologies and ambitious strategies. To do this, internal auditors need access to learning and development to equip them with appropriate skills to find solutions to these complex issues.

All of this, however, will not lead to the wanted outcomes if heads of internal audit do not advocate and promote the work of their teams within organizations. They must make sure management and clients understand their assurance needs and how internal audit teams support organizations to reach their goals.
Good public financial management is at the core of delivering value for money and improving public services. A much broader, more diverse, and louder internal audit function can reinforce and support good financial management, both now and well into the future.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

It’s become a truism that the ‘new normal’ as the world emerges from Covid-19 lockdown will not, and cannot, be like the old normal. But what does this mean for internal auditors? What skills will be most in demand and what can you do about it if you do not feel that you have enough of these at the moment? Audit International have all these answers and more.
As in other areas of the wider economy, many of the skills that are going up in value and demand (and those that are going down) reflect longer term trends that have been exacerbated by the crisis. A strong suite of technical auditing skills now puts more emphasis on so-called ‘soft’ skills and less on some traditionally prized abilities to sift and process information, although independent judgment, logical reasoning and analysis will always be important.

IT auditing is becoming an increasingly specialist preserve that is beyond the scope of most internal auditors, however many employers now expect all internal auditors to have a strong grasp of the basics of data analytics and of what analytics programmes can do for audits and assurance. This IT-savvy must go hand in hand with a wide imagination about the potential uses of the technology and how it can be employed more effectively.
What is new, however, is that ‘soft’ skills and IT experience are no longer nice-to-haves. Whereas a few months ago, there was a shortage of internal auditors in many sectors, now employers are likely to be able to pick and choose. The post-Covid landscape is likely to be bleak for many sectors and internal auditors will not be immune. There will be redundancies and people will need to look more broadly at their CVs, personal skills development and, possibly, at the options available to them in a wider range of sectors.

Russell Bunker, director at Barclay Simpson, says that the highest demand is currently for “experienced internal auditors operating at the delivery level”. Fewer organisations are hiring senior audit managers or trainees, he says. However, he added that a number of fixed-term or interim job opportunities are emerging and there are new jobs appearing as a consequence of an increase in co-sourced internal audit work. Some of these trends may be short-lived, of course, and may reflect temporary bans on permanent hiring.

So, what are the key skills internal auditors will need to thrive in the short and longer term?
1. Communication is key
Emotional intelligence may not have always been top of the list for internal auditors, but it’s hardly a new requirement. Internal auditors have to be great communicators – if you cannot talk to people – and, just as importantly, listen to them – you can neither learn from them nor persuade and influence them.
As computers take on ever more of the analysis side of auditing, we need humans who understand how people operate in real life, what makes them tick? Internal auditors need to pick up the nuances to spot when things may be wrong behind the scenes. They need to use the right language to relate to the people they need to get on their side or to persuade people to change the way things are done and to understand the need to better governance. And they need to be able to convey important messages simply and effectively. This is not always about being ‘nice’ – it’s about being effective. Some of these messages may be tough and they need to be understood and acted on.
It’s also about being able to demonstrate the behaviour that you preach. Actions really can speak louder than words.

2. Business acumen
This has always been important, but is becoming ever more so. Internal auditors see the whole of the business from the inside, but they also need to be able to look beyond it, and beyond their sector and region, if they are to appreciate emerging risks and the bigger picture. They need to understand what keeps their CEO awake at night – and, even more importantly, what should be keeping him or her awake at night.
Increasingly, they are being expected to know a lot about the potential impacts of everything from macro economics to climate change and the complexities of supply chains. Sourcing and reviewing the most up to date and reliable information is vital, but you also need the acumen to know how this could affect your business and to spot the risks and opportunities. Those who do not display this knowledge will not gain the respect internal audit needs from senior management to be effective.

3. Flexible and agile
Speed is of the essence. How can you offer assurance more effectively, more rapidly and more effectively? This is the holy grail of internal audit and will become even more so in the post-Covid landscape. Technology can help, but it takes people to think about how they can use it better. Those with the imagination and the drive to improve, adapt and change will be most valuable to, and valued by, management.

4. Personal relationships and networking
Use your personal relationships and find out what peers, colleagues, friends and family are doing. Be curious and ask questions. This is partly about being well-informed and partly about good communications. There are loads of ways to keep in touch so use them – from social media to Facetime to old-fashioned phone calls. You never know what may come in useful in future but the broader the net, the more you are likely to benefit.

5. Proactive – use your imagination
Imagination and curiosity are now so important that they deserve a mention on their own. Again, they are not new skills for internal auditors, but they have never been more important. You don’t need a formal mentor to tell you to think about where you want your career or your audit team to be in six months’ time. But it can help to take some time out of your normal routine to practise thinking more imaginatively. Many things in the near future will need to change and someone will need to identify potential changes and the ways to achieve them.
Equally, imagination is an important part of effective communication. What are your auditees doing and why? What are they going through? What do you want them to be doing in future – and how can you help them to get there?

6. Sell, sell, sell
It’s been said that everyone is selling something – and if they say they’re not, they’re lying. Selling has a bad reputation in the UK. It’s seen as duplicitous and bad-mannered. However, sales skills are just as vital for good ends as for bad. Internal auditors are going to have to compete for attention even harder and many will have difficult messages to convey in the near future. If you want management, auditees and colleagues to listen to you and respond to your messages, you will need adequate sales skills.
And, if you’re in a sector that has been badly affected by the pandemic, you may need to brush up your CV and prepare to sell your own skills more aggressively. If you have what it takes to help organisations weather this crisis, don’t sell yourself short.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

The podcast has rapidly become the go-to media for anyone and everyone seeking thought leadership, guidance, advice, or entertainment, especially in a particular niche with particular audience demands.
While far from a flash-in-the-pan trend, podcasts are tapping into what makes radio so timeless – they are familiar, routine, mobile-based and mostly non-committal (compared to TV shows), increasingly well-produced and incredibly varied in content provision and direction.
The state of podcasting in 2022
Podcasting is a rapidly growing, and increasingly lucrative, creative medium for creators and advertisers:
• “In 2021, there (were) 850,000 active podcasts, with over 48 million total episodes”.
• “Each week, more Americans listen to podcasts than have Netflix accounts”.
• “Podcast ad revenue is expected to grow to $1.33 billion in 2022”.

It’s also worth noting why people listen to podcasts, and this is where podcasting really comes into its own:
• “74% of all listeners tune in to learn new things. Other common reasons include entertainment (71%), staying up-to-date with the latest topics (60%), and relaxing (51%)”.
So rather than escaping into stories (which is increasingly the reason why audiobooks are on the rise), or listening to light-hearted comedy to relax at the end of the day (comedy still stands as the most popular podcast genre), learning is the primary reason why people listen to podcasts.

Finance podcasting and the future of the medium
The Finance sector has had a proliferation of podcasts erupt over the few years – content is varied, informative and incredibly useful, and the nature of podcasting means creators can approach the topic of “finance” from a variety of angles; from money management to investment advice, industry news to crypto-tips.

The team at Audit International are real fans of a podcast, so below are our top 10 finance podcasts we absolutely urge anyone in the industry to listen to!

• Invest like the Best
“Exploring the ideas, methods, and stories of people that will help you better invest your time and money”.
A popular and varied podcast covering everything from design investment products to interviews with leading financiers, start-up accelerators and figures within finance, investment and money management.

• Inside the Strategy Room
“We talk with McKinsey partners and corporate executives on the challenges they face creating lasting strategies in a fast-changing world. We also examine the different ways these executives approach these challenges and the new and innovative ways they think of creating a vision for their enterprises”.
While more strategic in approach, this McKinsey-sponsored podcast covers business and finance leadership via CEO interviews and thought leadership.

• We Study Billionaires
“We interview and study famous financial billionaires including Warren Buffett, Ray Dalio, and Howard Marks, and teach you what we learn and how you can apply their investment strategies in the stock market”.
With over 85 million downloads, this is a huge podcast for obvious reasons – an easy audio mind-tap into the richest and most successful finance people in the world.

• So Money with Farnoosh Torabi
“So Money brings inspiring money strategies and stories straight from today’s financial leaders, bestselling authors and entrepreneurs”.
One of the top-rated US finance podcasts in the podcast ecosphere, covering everything from childcare affordability to investing in a bear market.

• Money For the Rest of Us
“A personal finance and investing podcast on money, how it works, how to invest it and how to live without worrying about it”.
From debunking what money means to advice on money management and views on global investment vehicles, a great and varied finance podcast.

• Women & Money
“Take a priceless journey into your life and the life of your money with the most recognised personal finance expert in the world today”.
Suze Orman is one of the world’s most recognisable personal finance gurus, and her podcast covers everything from bond management to thought leadership on wealth creation.

• Optimal Finance Daily
“Why bother searching for the best blogs about personal finance when they can be found and read for you?”.
1900 10-minute quick-fire episodes on personal finance, covering how to get insurance to living more frugally and lifestyle changes to being better with money.

• CNBC’s “Fast Money”
“Hosted by Melissa Lee and a roundtable of top traders, “Fast Money” breaks through the noise of the day, to deliver the actionable news that matters most to investors”.
Global finance news from one of the most well-respected finance news desks in the USA. Actionable intel, up-to-date news and reporting on leading finance leadership.

• Count Me In®
“IMA® (Institute of Management Accountants) brings you the latest perspectives and learnings on all things affecting the accounting and finance world, as told by the experts working in the field and the thought leaders shaping the profession”.
A detailed and investigative look at the mechanisations and movements of finance, as told by experts and relayed by leaders in the field.

• The Better Finance Podcast
“The EY Better Finance Podcast explores the changing dynamics of the business world and what it means for finance leaders of today and tomorrow”.
From ESG reporting within finance to data analytics and more, the EY Better Finance podcast is one of the most up-and-coming popular podcasts within the finance sector.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
– Switzerland 0041 4350 830 59 or
– US 001 917 508 5615
E-mail:
– info@audit-international.com”

Here at Audit International, we have always been on the lookout for clever ways to describe internal audit’s role in an organization.

Elevator speeches are fine when you have 60 seconds to describe the value your profession brings to an uninformed bystander. However, an elevator speech doesn’t hold a candle to a well-crafted sound bite that will leave a lasting impression.
One of our favorites used to be “internal audit is the brakes that allows the organization to drive faster.” The reasoning behind this analogy is that brakes are a critical component in a vehicle. To be sure, they are used to prohibit a vehicle from moving. But more importantly, brakes are crucial to maintaining control of a vehicle. Of course, well-resourced, independent internal audit functions add little value if they impede an organization’s ability to take risks and achieve results. But they add value when, like brakes on a car, they empower management and the board with information to slow down or stop if critical risks lie ahead.
Over the years, Audit International have come to view the “internal audit-as-brakes” analogy to be a bit outdated. It envisions internal audit as being primarily control-focused. Today, internal audit provides much greater value than merely a set of brakes. After all, a vehicle with an outstanding braking system can still end up in the wrong place. Brakes are great for stopping or slowing down. However, they do little to help change course. Internal audit in the 2020’s must be help create – not just protect value!
We believe a more powerful analogy is that internal audit is a critical component of an organization’s navigation system. Consider the value of a modern navigation system. Once the departing and arriving locations are entered, a navigation system provides timely and crucial feedback on the progress of the journey. The friendly voice provides turn-by-turn advice on reaching the destination. It recognizes when a turn has been missed, and quickly alerts the driver to “make a legal U-turn.” It can be programmed to recommend routes that are faster, less congested, or avoid tolls. Some alert the driver when the speed limit is being exceeded, or the vehicle is being taken on unsafe roads.
Much like the navigation system in a vehicle, internal audit shows its powerful value by:
• Providing assurance that the organization is progressing on the course charted by management and the board.
• Providing recommended corrective actions when the organization is off course (please make a legal U-turn).
• Identifying risks in advance (much like a navigation system warns of an accident or road congestion ahead).
• Alerting management and the board of compliance risks/failures (think excessive speed).
• Providing assurance that the organization has “arrived at its destination.”
To succeed, organizations in the 21st century must manage risks – both internal and external, whether related to finance, operations, strategy, technology, regulations, or reputation. While organizations are raising the bar on effective risk management, executives face extraordinary headwinds spawned by a turbulent environment in which risks materialize virtually overnight. In the past five years, we’ve faced the most extraordinary global pandemic in more than a century, more global financial turmoil, cybersecurity breaches that even target our infrastructure, corporate failures, and more. In the immediate future, we are facing the prospect of severe supply chain disruptions, inflationary pressures not seen in 40 years, and likely more nasty surprises from COVID-19. Relying on a good braking system will be inadequate to navigate the hills and valleys that lie ahead. Instead, organizations need strong navigation systems with well-resourced and independent internal audit functions fully integrated to succeed.
Granted, Audit Internationals updated analogy may be oversimplified. Strong internal audit functions add value in a multitude of ways, and we are never more critical that management and the board in navigating risks that our organizations face. However, I find it is useful to think through analogies such as this one so that I can better articulate internal audit’s role in ways that everyone can understand.
We welcome your thoughts.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.
If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”

Today, Audit International are hoping to clear up a few of the most common Internal audit myths. Let us know if there are any we have overlooked, and we bet we can debunk those ones too.

Myth: There is little creativity in internal auditing
This couldn’t be further from the truth. Internal auditors are called on to do a hard job, that much is true. That job can be operationally challenging, “dry” in content (which is subjective), and seemingly “behind the scenes”. However, as Workiva states, IAs are increasingly using brand power and social media to better communicate what they do and its centrality to business operations.
• “For instance, a team I used to work on rebranded from “Internal Audit” to “Risk Advisory and Assurance.” It helped answer questions about what we do and provided clarity to the types of services we provided”.
If internal audits are seen to be working in the shadows, the time is now to dispel those rumours of bean-counting and step into the fore!

Myth: IAs are the business police
Stinnett Associates describes how they go about amending this viewpoint perfectly, by urging internal auditors to focus on “process improvement” as the real essence and philosophy of the role, rather than letting stakeholders confer amongst themselves that IAs are only in it to stifle business, innovation, creative thought or operational independence.
Owning this new narrative is super important: IAs are integral to business success, and vital elements in non-auditors doing even better in their roles thanks to IA’s fastidious attention to regulatory and ethical performance.

Myth: Aren’t internal auditors just accountants by another name?
While accounting provides some critical skills needed to be a successful internal auditor, the industry draws from a wide range of backgrounds and skills, from tech and IT to engineering.
The real skills needed – diligence, a high regard for quality services, fastidiousness, great communication and creative thinking – means that people from a wide variety of backgrounds with training can enjoy a career in internal audit.

Myth: Internal audits are the same as external audits
No, they are not the same. While some parts of the day-to-day job of an internal and external auditor are parallel – both evaluate controls, report to seniors, and work with audit programmes – the outcomes and flexibility of internal auditing drastically differs.
As Moss Adams in their presentation titled Busting the Myths Surrounding Internal Audit states, “(IA) focuses on future events by evaluating controls to help the organisation accomplish its goals and objectives” rather than just meeting “materiality thresholds”.
By offering a service more “broad in scope” than external auditors, IAs provide direct, measurable business outcomes and improvements.

Myth: Internal audit is a lonely job
While “independence” of an IA’s role is a prerequisite, the truth of the matter is internal auditors straddle every department in an enterprise.
As mentioned above, the job is focused entirely on improvements, working closely with internal controls (which is a separate but often conflated field) to mitigate fraud and perfect business outcomes. This means that IA professionals get to work with their own team and every department in a company.

“Audit International are specialists in the recruitment of Auditors and various Corporate Governance Professionals including Internal Audit, Cyber Security, Compliance, IT Audit, Data Analytics etc across Europe and the US.

If you would like to reach out to discuss your current requirements, please feel free to reach us via any of the following:
Calling
• Switzerland 0041 4350 830 59 or
• US 001 917 508 5615
E-mail:
• info@audit-international.com”