The Future Is Now
As I prepared for my presentation at the IIA International Conference in Kuala Lumpur on the topic of the internal auditor as rock star, I reviewed an article that I wrote for the Internal Auditor magazine. Let me share the first part and see if you can guess when it was published.
THE FUTURE IS NOW
The future, for some organizations, is already here, and the new internal auditor is needed now. As Peters would say, it is time to become the "rock stars" of the new age of internal auditing, a notion that captures the excitement of our time.
There is great energy in the image of a rock star. Perhaps the rock star of auditing would do as IIA President Bill Bishop has preached for years: put a tattoo on his arm that reads, "Proud to be an internal auditor."
Auditors need to be loud. We need to voice our concerns when it comes to understanding and assessing business risk in turbulent times. This takes courage, especially when management is racing to install the latest technology and our message is one of caution — of heightened risks because of missing controls and security, or hastily tested code — a message that many in the organization may not want to hear. Most of us fear the unknown, and risks in the new e-business world are alien.Who would ever have considered the risk, just a year ago, of spam Internet messages tying up a wireless network? Taxi Stockholm, a large Swedish taxi cooperative, established an automated ordering system using the Internet and a wireless network four years ago, and their volume has increased 45 percent since then to 9.3 million trips. What would happen to the company if all its cabs were flooded by advertising messages, or were infected by a computer virus? Critical thinking about the implications of technology is key to the success, and even survival, of our organizations. Internal auditors are well-qualified to offer risk-management advice on new developments, and we must ensure that our suggestions are heard.
Did you guess that this appeared in the magazine almost 10 years ago, in December 2001?
Do you think that the message still holds today?
My presentation is going to talk about the internal auditor and courage: the courage to take on the real issues facing the organization, provide valuable assurance on the more important business risks, and speak out — even when sharing unpopular realities.
Many organizations have one or more of these unfortunate realities:
- An immature risk management program.
- Scattered information (often due to multiple computer systems), so executives don't have timely, current, and reliable information on the operation of the business. They may even be reliant on Excel to consolidate key operational data, which is always at least a few days old.
- Executives that don't work as a team. They operate in silos, hoard instead of share information, and put divisional (or personal) objectives ahead of corporate goals.
- A lack of sufficient skilled, experienced management and staff in key positions.
- A poor record when it comes to delivering on major projects and strategies.
If you ask the auditors, they will often be aware of these realities. But what are they doing about it?
That's where the rock star distinguishes herself/himself. The rock star auditor stands up and talks about the emperor's lack of clothes and makes sure people at the right level are fully aware of painful realities.
Are you a rock star? I would love to hear your stories — please share here of, if you would prefer, email them to me at firstname.lastname@example.org.
Posted on Apr 25, 2011 by Norman Marks
Share This Article: