It Was Twenty Years Ago Today

Okay, maybe more like twenty-nine years ago last month – that’s how long I’ve been in Internal Audit. I can only guess that it was because of that experience someone recently asked me to reflect on the differences that have occurred within internal audit over those almost thirty years. My mental faculties have not deteriorated to such a point where I am unable to conjure up a memory or two from that long ago era, so it was a relatively easy task. 

Some of the differences are obvious. Back in the early 80’s we knew about computers, but we were only beginning to understand how they would fundamentally affect the way businesses got things done. And we were getting some of the first inklings of how computers would change the way internal audit did its work. Also, one of the driving forces for audit was the Foreign Corrupt Practices Act. In fact, the only reason audit had become a separate function in our company was because of the FCPA. Concepts such as COSO, ERM, and GRC were just the glimmer in the glimmer of someone’s eye.
 
But the more I thought about it, the more I wondered how much things had really changed. We still write reports, we still do testing, we still interview and meet and have kick-off and exit meetings. We just don’t use as much paper. I wanted to see what some of the real differences (and similarities) might be.
 
This is where one of my peccadilloes came in handy. There is something about books and magazines; I can’t throw them away. Call it my Fahrenheit 451 complex. (Call it one of the reasons my wife makes me stuff everything in my own room in the back of the house.) As a result, I have every issue of The Internal Auditor published since I became an internal auditor.
 
So I went back to the August, 1987 issue to make some comparisons. Why this particular issue? Well, going back 29 years just didn’t have the same ring as going back 25 years. Why not September, 1987? Well, the magazine comes out every other month, and August is one of those months. Other than that, there was no rhyme nor reason nor planted articles to help make or break a case that resulted in my choosing August, 1987.
 
The first thing that jumps out is the advertising. There are a lot of ads related to computers.   I knew computers were starting to have a profound impact, but I had no idea. Flowcharting software, PC data security, report generators, software for auditing computers, well over one-third of the ads seem to be about auditing and computers. I don’t know if that is more or less advertising than now exists in the magazine, but the ads definitely reflect the newness of the technology (as evidence – the number of ads that show computers using five and a quarter inch floppy discs) and the way internal audit was coming to grips with it.   
 
There are also a large number of ads from the IIA, with much the same emphasis as those seen today – training, publications, certification, and professionalism in general. And an ad that The Internal Auditor was available in microform. (No, that one is not a typo. “…reproduces this publication in microform: microfiche and 16mm or 35mm film.) Today, people are just referred to Internal Auditor Online. 
 
There are also three solid pages of “Professional Opportunities”. Back in the day, we used to find our jobs through print media, not websites. 
 
There’s also an important announcement. “IIA now accepts American Express in addition to VISA and MasterCard.”
 
Of particular interest though is the dearth of ads for consulting services. In fact, only one of the big however-many-there-were-back-then had an ad – KPMG. Let’s face it, there was an uneasy truce between internal and external auditors back then. The concepts of co-sourcing and working together as partners were just starting to get traction.
 
Advertising can be an excellent window into what was occurring within the profession. But it is really only a snapshot; there is a lot to be seen in the articles themselves. This issue has some interesting articles – interesting for their content, but more interesting because of what they say about where we were in 1987. And, they actually say a lot about where we are now. 
 
We’ll be digging into these over the next few posts, ending with an interesting article by the 1987 Chairman of the Board of the IIA.
 
Tomorrow, some articles about computers.

Posted on Sep 4, 2012 by Mike Jacka

Share This Article:    

  1.  Thanks, Mike!  You took me back to the day.  I graduated in Accounting from Haas School of Business in 1972 and went to work in a local CPA firm.  After two years of the experience, I decided to try Internal Audit and went to work for a local steel company.  There I learned to tread lightly.  They were using a posting machine to keep their books, and it wasn’t until a few years later that I actually got to work with computers.  I had been programming in Fortran on a Univac, so the transition was not difficult.  What I learned there made the transition to “data processing” easy.

    What motivated me towards IT Audit was the Equity Funding Fraud.  It got me thinking about the way in which IT systems need to be controlled, and the specific control steps that need to be present to reduce the probability of fraud in data processing.  IT general controls were just pipe dream back then.  It also got me thinking about the use of probability in computerized testing and that led to auditing through the system.  I was fairly successful until they caught me at it.  “Auditors should not be looking over our shoulders.”  Apparently, auditors should be seen and not heard.

     

     

  1.  Moving on to the Oil Patch in the 80s, I started travelling to international locations to install computerized accounting systems.  During that time I was also tasked with looking at the practices controls in the remote offices I was in, a kind of Operational Auditing without the threatening aspect of a formal “Audit”.  FCPA compliance was the objective.  I reported to management back in Houston when I found a significant problem.  During that time I found a massive fraud in Venezuela that was perpetrated through lack of effective input / output controls.  Discovery was difficult because of the business environment that Venezuela forces on American companies.  In a socialist political environment the rights of employees expand to promote lack of cooperation with anyone asking questions that are too embarrassing to answer.  The person responsible for that performing the IT aspects of that fraud continued to work for the company long after it was discovered.  The government prevented us from terminating her.

     

    The major difference I perceive in audit over my career is the desire of management to make themselves look good.  Auditors are no longer appreciated for their contribution to the bottom line.  Audit has become contained and neutered.  If an auditor manages to uncover a weakness, management usually already knows about it and has reasons for tolerating it.  Our opinions are no longer respected.  By the way, I ended my career in IT audit in the banking industry.

     

     

     

  1. Interesting comment, Hugh.  What you describe is far from ideal, and I desperately hope that what you have experienced is not the norm.  (Anyone who would like to chime in to support or refute me on this, please do so.)

    But I think the situation you described shows that our work of becoming a premier profession is never over. 

    By the way, I've included part of your post in my final comments.

Leave a Reply