control, and governance
Imagine the Possibilities!
The IIA’s new chairman of the board, Paul Sobel, says internal auditors need to envision new ways to add value to their organization, and the profession as a whole.
Half a century ago, the land underlying the municipalities of Lake Buena Vista and Bay Lake, Fla. was a largely unpopulated patchwork of cattle ranches, citrus groves, scrub forests, and alligator- and snake-infested swamps. But that’s not what the late Walt Disney saw in his mind’s eye when he overflew those 47 square miles, just south of Orlando, in November 1963. Instead, Disney saw a prime location for a family vacation mecca.
Disney died before he could savor the first fruits of his fertile imagination, the 1971 opening of the Magic Kingdom theme park. But his vision still is very much alive. The Walt Disney World Resort’s theme parks, golf courses, hotels, restaurants, retail stores, and other attractions now bring joy to nearly 30 million visitors each year.
This lore came to mind while I was on stage during The IIA’s 2013 International Conference — held a mere 10 miles from the Disney resort. I mused that although the practice and stature of internal auditing have advanced significantly since the Magic Kingdom’s grand opening, many of those gains are by-products of transcendent events. As I looked out at the roomful of internal auditors from around the world, it struck me that our profession is too important to the well-being of organizations and the global economy alike to leave its future direction to chance. So, I concluded, what better time than now for practitioners to channel their inner Disney and focus not on what internal auditing is, but rather on what it might be. Thus, as I assume the role of IIA chairman of the board, I have made my theme the challenge and rallying cry, Imagine the Possibilities!
A LENGTHY ERA OF TRANSITION
The first formal Standards for the Professional Practice of Internal Auditing, approved by The IIA’s Board of Directors 35 years ago when I was still a college student, defined our profession as “a control which functions by examining and evaluating the adequacy and effectiveness of other controls.” The words risk, governance, and consulting were nowhere to be found in those pioneering standards. This expansion of our profession’s services portfolio came only in 1999, during my stint at Arthur Andersen’s Business Risk Consulting practice, when the IIA board approved the contemporary definition of internal auditing. Specifically, that new definition requires practitioners to help their organization achieve its objectives “by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes.”
Imagining The IIA's Future
During my year as The Institute’s board chairman, I plan to work diligently with my fellow senior volunteers, global institute leaders, and IIA staff to complete and implement numerous initiatives that I imagine will shape the profession for years to come. Among these are:
Executing institute/chapter agreements. I expect every global institute and North American chapter to sign a new agreement with The IIA to better articulate the roles and responsibilities of each. Fulfilling this initiative will help ensure institutes and chapters will focus on best serving their membership, while The IIA supports those needs and advances the global profession.
Sharpening the board’s focus on risk. As we redefine the various governance roles within the IIA volunteer structure, we will be able to better tap into the broad experiences and diverse perspectives of members of our board to help advance the profession in an increasingly complex world.
Advancing advocacy. I will work to advance the International Integrated Reporting Council’s agenda for making financial reporting more comprehensive, get our International Standards for the Professional Practice of Internal Auditing (Standards) recognized by the global Financial Stability Board, and build close ties to associations that represent boards and audit committees.
Recasting the International Professional Practices Framework (IPPF). The foundation of our profession, the IPPF, may need to be restructured to meet our future practice needs. The study of this matter will require, in part, assessing whether the Standards are minimum requirements or aspirational, again reconsidering the definition of internal auditing, and evaluating whether there should be different levels of “strongly recommended” guidance.
Emphasizing certification. With the rollout of the new three-part Certified Internal Auditor exam and the new Certification in Risk Management Assurance exam, and further progress with the Certification Suite, I expect renewed emphasis on enhancing professionalism of internal auditors around the world by getting more internal auditors certified.
Identifying learning pathways. With the issuance of the new Competency Framework, focus now must turn to ensuring the availability of training and other global and local developmental pathways to help internal auditors achieve necessary competency levels.
Not long thereafter, internal auditors were thrust into the role of transforming the board’s vision of the profession into workplace actions. The governance debacles at Enron Corp., WorldCom Inc., and a host of other organizations roiled world financial markets just as I was assuming the chief audit executive (CAE) role at Aquila Inc., an energy company in Kansas City, Mo. These senior management-led financial reporting frauds, in turn, prompted many governments to enact remedial legislation such as the U.S. Sarbanes-Oxley Act of 2002.
These statutes — which, in general, require management to assess, attest to the adequacy of, and publicly report on the organization’s system of financial control — enabled our profession to showcase its control expertise. In fact, for several years, many internal audit activities were all but consumed by the tasks of helping guide management through its process of identifying and testing key financial controls and by providing independent, objective assurance that management’s test results were accurately reported. In 2004, my first full year as CAE at Atlanta-based energy company Mirant Corp., 75 percent of our internal audit hours were spent on Sarbanes-Oxley related activities.
The failures of numerous large financial institutions in 2008 triggered a global financial crisis that sparked a recession from which some nations still are struggling to emerge. Once more, many governments scrambled to enact systemic reform legislation, such as the U.S. Dodd-Frank Wall Street Reform and Consumer Protection Act of 2010. And again, internal auditors gained prominence as regulators, audit committees, and other stakeholders began tapping our profession’s expertise in assessing the adequacy of organizations’ risk management processes and governance. I found that many of the risk management practices I learned at Arthur Andersen and honed at Aquila and Mirant were valuable in helping Mirant’s board and management become comfortable that they could weather the financial storm.
TIME TO IMAGINE OUR POSSIBILITIES
Many longtime practitioners and observers of our profession conclude that internal auditors have so capably seized the many opportunities to shine afforded them during the last 15 years that our profession is more widely respected today than ever in its modern history. Although I too observe this generally is the case, practitioners cannot afford to sit contentedly by and wait to see what hand others will deal them next. Instead, the time has come for us to imagine our profession’s possibilities and begin taking giant steps toward realizing them.
Merely beginning this process likely will have a salutary effect on internal auditors and their stakeholders — notably, senior executives and audit committee members. For example, imagining future professional possibilities should help auditors find ongoing fulfillment in their work and gain confidence that they can become indispensable to their organization. Stakeholder witnesses of the process should become more comfortable that internal audit is striving to provide the assurance and advice they need to help the organization achieve sustainable success.
IIA President and CEO Richard Chambers says internal auditors worldwide have five “must dos” during the rest of this decade and possibly beyond. These imperatives are a solid foundation on which to base imagined possibilities for our profession:
This list is far from comprehensive. Imagine, for example, the opportunities presented to internal audit by emerging technologies. Imagine carrying around only a tablet device while conducting an audit to access data anywhere — whether on a factory floor or in the C-suite. And imagine software capable of depicting every step in a business process, thereby enabling internal auditors to visually rearrange that process to enhance controls and improve efficiency.
There are undoubtedly many other good ideas for advancing the practice and stature of internal auditing that are beyond my own imagination. I look forward during my tenure as chairman to hearing from creative members of our profession around the world about the possibilities they imagine. I promise to share those thoughts with you periodically.
DARE TO DREAM
Anthropologists and psychologists tell us humans tend to feel comfortable and safe performing familiar rituals in familiar places. So it is not surprising many internal auditors are quite comfortable practicing as they always have. But I cannot imagine how those who choose this approach can continue succeeding professionally in today’s dynamic business world. Conversely, those who dare to imagine possibilities can help create a future in which internal audit is viewed by stakeholders and society as an enabler of sustainable value. As Walt Disney once said, “All our dreams can come true if we have the courage to pursue them.”
Paul J. Sobel, CIA, CRMA, is vice president and chief audit executive of Georgia–Pacific LLC in Atlanta.
Also in this issue:
COMMENT ON THIS ARTICLE
Internal Auditor is pleased to provide you an opportunity to share your thoughts about the articles posted on this site. Some comments may be reprinted elsewhere, online, or offline. We encourage lively, open discussion and only ask that you refrain from personal comments and remarks that are off topic. Internal Auditor reserves the right to edit/remove comments.