The Institute of Internal Auditors is celebrating Internal Audit Awareness Month in May, continuing a tradition that dates back to the 1990s as a way to highlight the work of the profession.
Over the course of the month, internal auditors around the world will be sharing examples of how the profession provides value to organizations, spotlight the profession’s commitment to good governance and risk management, and explain how internal auditors protect the public interest.
“Our goal is to help the public understand what we do as a profession,” IIA president and CEO Anthony Pugliese told Accounting Today. “We think it helps raise visibility and connects us with people who might join our profession one day, students or mid-career changers. We have a lot of folks in other professions that end up in internal audit, as well as those trained in college or university to be internal auditors, and to make sure that there is an awareness in the business community as to what our role is, which is to work with the board and with management in the public interest to help make better informed decisions.”
He sees resemblances between the internal audit profession and auditors who work at accounting and auditing firms.
“Like our first cousins in external audit, we’re there to help and we play a vital part in governance on many levels,“ said Pugliese. “We’re there 365 days a year, seven days a week, 12 months a year. We’re always part of governance and it’s our role to provide input to management and boards. Sometimes what an internal auditor does is not well known by the public and it’s not something that is easy for our members to communicate to their boards and to management. By having an awareness month, we put out collateral information that describes that.”
He sees the internal audit profession spreading internationally and he hopes to raise awareness around the world.
“If you go past the U.S., internal audit is truly an emerging profession,” said Pugliese. “For example, in places like Vietnam or Saudi Arabia, it was not as widely used as it now is because of recent requirements that are put in place in both of those countries, but many more. By putting a spotlight on it, we can help folks understand what we do and how much value we actually bring. When people realize the breadth and depth of our contribution, we also hope that they're more prone to adequately source internal audit in terms of people and use the resources that we have.”
He likens the international structure of the IIA to the Federation in "Star Trek."
“I’m a 'Star Trek' fan, so I’ll use the United Federation of Planets model where headquarters has a certain level of responsibility for significant standard setting and credentials, brand image and logos,” said Pugliese. “All of the high-level things — quality control, ethics — are done at headquarters. But our affiliates are legally incorporated in each of 112 countries, and that gives us a lot of reach.”
In the past year, internal auditors have played an important role in helping organizations respond to the COVID-19 pandemic. More recently, they have begun working to ensure integrity and compliance with significant infrastructure projects that are part of the Infrastructure Investments and Jobs Act. Internal auditors are getting involved in areas such as cybersecurity and environmental, social and governance (ESG) issues.
“The internal auditors acknowledge the environmental risks that we face,” said former IIA CEO Richard Chambers, who is now senior internal audit advisor at the technology company AuditBoard. “They recognize that the environment is very fragile and that there are real risks to their company and their business model, but there’s not a lot of internal audit resources being dedicated in that space. It’s very similar to what I saw for a number of years with cybersecurity. Internal auditors recognized how critical cybersecurity risks were, but then when you look over at their audit plan, they really weren’t putting a lot of resources into it. In the last couple of years, the coverage has caught up with the risk, and I think we may be headed in the same direction with environmental risks.”
The internal audit profession is becoming more appealing to students and those looking to change their careers as it touches on so many areas, including the chance to play detective and uncover fraud within an organization.
“When students and other career changers look at internal audit, it’s one of the few where on your first day on the job, you’re looking at an entire organization, really the highest level macro view of how all systems work together,” said Pugliese. “I don’t mean just financial, but all systems. It’s systems awareness from stem to stern. From the factory floor to the boardroom, you’re looking at everything and I think that’s exciting. Embedded in all that is dependency on IT. Fraud is always an interesting topic to younger people. My stepson thinks it’s extraordinarily cool that this profession does that. You get to work with the board or the audit committee or senior management. They’re bypassing many steps on other, more traditional paths.”
The IIA intends to promote the internal audit profession more to students and in government circles.
“We’re going to be investing a lot in making internal audit more available and accessible to the student population,” said Pugliese. “I think we have a job to do on campuses and in the academic community, not just in the U.S. but around the world. You’re also going to be hearing about us a lot through the advocacy channels and public policy in Washington and at the state level. We’ve unified our advocacy approach across 112 countries, having common messages to draw attention to us in a positive way.”
The IIA’s International Standards under the
“The IPPF Oversight Council examined the IIA’s standard-setting structure and processes,” said IPPF Oversight Council chair Alta Prinsloo in a statement Monday. “The council believes that an internal audit activity aligned with the standards follows best-in-class procedures to protect the public interest and to achieve the mission of internal audit: to enhance and protect organizational value by providing risk-based and objective advice and insight.”
“We’re massively changing our standards at IIA, and we’re really expanding it to include topically based standards around things like ESG, cyber fraud, etc.,” said Pugliese. “And we’re going to look at other topics like third-party supply chain issues, blockchain and all the issues that are affecting our profession. Those are standards that we’re considering. We are looking at ESG and cyber, to write one and have it out for public comment by the end of this year or early next year. We’re moving rapidly on that front because we want to have a set of standards that reflect what’s going on in the world, and our members benefit from that greatly. But more importantly, if they’re benefiting, so is the public interest vis a vis good corporate decision making by management, boards of directors and audit committees.”