Many years ago I once shared an office with group of high-testosterone young management accountants and a solitary middle-aged female internal auditor. She must have dreaded coming to work, not knowing what tales she would over hear from her cubicle in the corner. She was a pleasant enough person, but my suspicion is she was passed over for promotion a few times and put out to grass in internal audit. In my experience, it’s a role that people fall into, rather than actively seek out – a safe retreat for those years when the career aspirations have evaporated but it’s still too early to be thinking or retirement.
No longer so, according to “The Pulse of the Profession” report by the US’s Institute of Internal Auditors (IIA). Basic accounting and financial skills and a diligent approach to work are no longer sufficient for internal auditor roles today as companies are looking for more critical thinking, communication and technical know-how from their internal auditors.
According to the report, which was based on a survey of 461 internal audit professionals in the US and Canada, the top five skills sought from new internal audit staff are:
- Analytical and critical thinking, identified by 73% of respondents.
- Communication skills (61%).
- Data mining and analytics (50%).
- General IT knowledge (49%).
- Business acumen (46%).
Apparently the role of internal auditing is evolving. A few years ago it was strictly focused on financial risks and controls and Sarbanes-Oxley Act (SOX) compliance, but today there is a growing focus on operational areas and greater involvement in risk management. Much like finance folk, switched-on auditors are broadening their roles to enhance their value to their organisations. Figures in the report indicate the shift in focus with on 7% of respondents reporting increased involvement in SOX against a third reporting an Increase in operational risks and strategic business risk. However, it’s small beginnings as overall only about 5% of internal audit’s time in 2012 was dedicated to strategic business risk and 4% dedicated to effectiveness of risk management, something the report suggests may be out of step with the priorities of other stakeholders.
The report suggests that internal audit folk get key stakeholders to identify their top five areas of concern and prioritise these in their audit plan. I may be cynical, but I suspect there is a large population of internal auditors who may find this well outside their comfort zone.