An audit of internal auditing. May calls for it.
May is International Internal Audit Awareness Month. During this time, the Institute of Internal Auditors (IIA) encourages members, chapters, and Institutes around the world to actively promote internal auditing’s value.
IIA doesn’t need to tell us about the value of internal auditing. We see it on the front lines of business. With a major shift to digital processes, the dramatic rise in cyber risk and data privacy, and high-profile incidents of corporate wrong-doing, companies need internal guidance more than ever. Smart organizations look to internal auditing to be insightful and objective on a variety of topics related to governance, risk management, business goals, and strategic objectives.
Internal auditing serves as the organization’s third line of defense. Risk Management outlines the three distinct defense roles. The first line is business units that own the risks. The second line of defense is risk and control specialists who support the first line. The third line encompasses internal and external auditors who validate and verify the second line’s risk and control assessments. Auditors also “provide senior management and the board with independent assurance of the design and operating effectiveness of the organization’s risk management activities.”
Given the organizational impact of internal auditors, we envision another way to describe their role. President Harry Truman had a sign on his desk that read, “The buck stops here.” Incidentally, Truman’s hometown of Independence, Missouri, is located only 18 miles from Lockpath offices. No offense to external auditors, but it’s internal auditors who speak up on behalf of the organization. When powerful people in the room push for an initiative and many of the details have been ironed out, it’s up to internal auditors to either sign off or sound the alarm. The easy thing to do is acquiesce. The harder thing is to be the contrarian in a partisan crowd. And yet, that’s what internal auditors must do inside organizations.
With companies under pressure to innovate and under assault by competitors and outside forces, governance, control systems, and risk management take on increased importance. Technology can aid and empower internal auditors by streamlining audit activities and arming them with findings and metrics to make compelling arguments to senior management and the board. When push comes to shove, the value of internal auditors is acting in the company’s best interests, regardless which way the wind is blowing.
Internal auditor, we salute you. May is the month that the light is shined on the value of internal auditing. That’s fine and proper. The front lines of business tell us that the light of internal auditing shines brightest throughout the year and even in a company’s darkest moments.
It’s International Internal Audit Awareness Month, see how The Institute of Internal Auditors is promoting internal auditing’s value.
Chances are, you have a love/hate relationship with auditors. Learn six ways to appreciation and gratitude for the audit department this Valentine’s Day.
In a recent webinar, Jason Eubanks takes you through the reasons for ISO 27001 certification and shares what the standard’s requirements and more.