The Transformation of Internal Audit
Norman Marks, CRMA, CPA, is a vice president for SAP and has been a chief audit executive and chief risk officer at major global corporations for more than 20 years.
Two individuals I respect collaborated on an article with this title in the August issue of the CPA Journal (see page 32). Gaurav Kapoor is the CEO of GRC software vendor MetricStream and Michael Brozzetti is the CEO of Boundless LLC, an internal audit and risk advisory firm.
The article makes some excellent points. It starts with this assertion:
The field of internal auditing has transformed significantly over the past decade. Several factors have contributed to this change, including the increased complexity of a globalized marketplace, high-profile fraud and corruption scandals, new laws and regulations, and increased demand from stakeholders for greater assurance.
Gaurav and Mike also state that a focus on improving risk management remains a priority for the audit committee, and refers to IIA guidance on providing opinions on governance, risk management, and internal controls. Excellent!
But do they go far enough to advocate that internal audit plans should be focused on the more significant risks to the organization, the matters that are discussed in the board room and at the executive leadership table?
Do they take on too much of a role for internal audit when they ask IA to provide “leading indicators about risk”? Shouldn’t IA be working to stimulate and encourage management to do that?
Is there too great a focus on technology for managing the internal audit function rather than using technology to monitor and audit risks? I know where I would spend my limited funds! (See this prior post on IA use of technology).
In fact, are they talking about where the internal audit practice is generally at today rather than where it needs to be, where it needs to go?
I welcome your comments.
Posted on Oct 4, 2012 by Norman Marks
Share This Article: