Rising to business challenges: Is your internal auditor ready?

As businesses prepare to capitalize on a booming economy, internal audit is expected to help light the way with better insight and smarter risk management.

Challenge and opportunity

The Asian Development Bank recently reported that the Philippine economy grew by 7.1% in the third quarter of 2012, versus 3.2% in the same period last year. This makes the Philippines the strongest performing economy in the Southeast Asian region, nearly matching China in growth pace.

For business leaders, this bullish performance spells opportunity. But it also opens the door to bigger risks.

In this environment, internal audit’s (IA) responsibilities in capturing emerging risks, ensuring appropriate corporate governance, and incorporating technology into internal audit processes becomes even more important.

In its 2012 Chief Audit Executive Survey, Grant Thornton summarized the following challenges and opportunities faced by internal audit (IA) organizations:

• Internal auditors are facing increasing technology risks attendant to cloud computing and cybersecurity threats. The ability to achieve growth goals is at risk without protected data and secure processes.

• Trends point to the need for a more global IA presence. Outsourced, offshore and standardized processes across countries may require increased cross-border and multi-cultural IA orientation.

• Chief Audit Executives (CAEs) or their equivalent recognize that their organizations can better harness the power of technology, e.g., data analytics, continuous auditing technologies, in promoting internal audit efficiencies.

• As stakeholders call for internal auditors to have a broader understanding of the business, CAEs are challenged to balance these with developing experiences leading to an executive management career.

The Institute of Internal Auditors (IIA) stressed that internal auditing should be performed by professionals with a deep appreciation of the importance of strong governance, an in-depth understanding of business systems and processes, and a fundamental drive to help organizations more effectively manage risk. IA adds organizational value when it proactively provides objective assurance and insight into the effectiveness and efficiency of governance, risk management, and internal control processes.

Internal auditors are expected to level-up their competencies in light of these changes in business and stakeholder expectations.

Competencies for today’s internal auditor

Results from an IIA Research Foundation survey showed that the following are ‘very important’ competencies internal auditors should demonstrate:

• Communication skills (including oral, written, report writing and presentation)

• Problem identification and solution skills (including core, conceptual, and analytical thinking)

• Ability to promote the value of internal audit

• Keeping up to date with industry, regulatory and standard changes

• Organizational skills

• Conflict resolution and negotiation skills

By level, CAEs should have the ability to promote the value of internal audit; managers are expected to exhibit organizational skills, while IA staff should demonstrate excellent communication skills.

Internal auditors regard ethical conduct, i.e., managing one’s actions toward others based on commonly accepted standards, as the most important behavioural skill. Ethical conduct can be demonstrated through the following ‘very important’ components:

• Confidentiality

• Objectivity

• Communication (sending clear messages)

• Judgement

• Governance and ethics sensitivity

By rank, the top skills CAEs should demonstrate include leadership, governance and ethics sensitivity, and influence (ability to persuade).

Managers should demonstrate effective staff management skills, while IA staff should be team players (must be able to inspire collaboration/cooperation among team members).

The common technical skills, i.e., applying subject matter or terminology in a particular field, are expected of internal auditors, which include understanding business, and risk analysis and control self-assessment techniques.

CAEs and managers should additionally focus on skills related to managing people while IA staff should focus on skills needed for analysing processes and controls.

Summary

Internal auditors should continually improve their competencies, knowledge, and audit tools and techniques to adequately address the risks facing their organizations.

A respondent to the IIA Research Foundation survey highlighted the growing expectations concerning internal auditors by stating that, “Internal audit is becoming a place where leaders are made.” Furthermore, the survey revealed that in light of increased stakeholder expectations, internal auditors remain receptive to taking on newer and broader responsibilities.

The challenge lies in the transformation process – in developing a competency framework and individual development plans that support internal auditors as they move up the organizational ladder.

And the bigger question is: Is your internal auditor ready?

Mhycke C. Gallego CPA, CIA, CCSA, CRISC, MPM is a Partner with the Advisory Services Division of Punongbayan & Araullo.

Executive Brief – December 2012

Punongbayan and Araullo