There is clearly a popular fascination with exploring the “Whatif” concept to varying degrees. I thought it would be interesting to take a similar approach with a concept that is regularly explored in this space: Internal Audit. More specifically, I was interested to explore the following question: What if Internal Audit didn’t exist?
During the first two weeks of March, I was fortunate enough to represent Onspring as an exhibitor at two excellent industry conferences: RSA Conference in San Francisco and the Institute of Internal Auditors General Audit Management Conference in Dallas. Both conferences afforded us a great opportunity to raise awareness about the Onspring platform and solutions, as well as our company’s philosophy of solving problems by providing high quality solutions and services.
At this stage in my kids’ development, their biggest issue with me is the fact that I have to work. Even more egregious than Dad leaving the house to do work is when he has to leave town to do work. As I was preparing to head to Florida for the IIA All-Star Conference, I was getting quite the earful from two particularly vocal detractors of employed fathers. “Why do you have to go? You ALWAYS leave! You NEVER stay!” As they went on (and on and on), I found myself starting to feel very bad about it. When I find myself in such situations with my kids, the jukebox in my mind instantly cues up Harry Chapin’s 1974 tear-jerking classic, “Cat’s in the Cradle.”
A quick Google search for “internal audit software” reveals a long list of available solutions. Many of these providers (Onspring included) exhibited at the recent Governance, Risk and Controls (GRC) Conference in Phoenix, co-sponsored by the IIA and ISACA. In terms of sheer quantity of choices, internal auditors have no shortage of software at their disposal. But how many of these solutions enable internal auditors to (as the IIA Research Foundation report describes) “creatively innovate to stay a step ahead of the real-time pace of technology advancement”?
These principles from the IIA set the expectation that effective internal auditors have a strong understanding of their organization, its business practices and the ever-changing risks and opportunities that it faces. For many professionals, this shift will require them to obtain new skills and adopt different perspectives. This shift may be difficult for some to accept, but it is necessary for all, and I would venture to guess that this is welcome news to boards of directors and senior management.
This is the first article in a three-part series I’ll be posting throughout the GRC Conference in Phoenix. My intent is not to dissect the IIA’s changes in minute detail. There have been a number of great pieces written on this topic, and I encourage you to jump over and read what those on the forefront of internal audit are saying, particularly a recent article by Norman Marks and Kristen Gantt that offers a compelling view of the internal audit department of tomorrow.