May is International Internal Audit Awareness Month. During this time, the Institute of Internal Auditors (IIA) encourages members, chapters, and institutes around the world to promote the value and critical role of internal auditors.
We see it on the front lines of business every day. With a major shift to digital processes, the dramatic rise in cyber risk and data privacy, and high-profile incidents of corporate wrongdoing, companies need internal guidance more than ever. Smart organizations look to internal auditing to be insightful and objective on a variety of topics related to governance, risk management, business goals, and strategic objectives.
Internal auditing serves as the organization’s third line of defense. Risk Management outlines the three distinct lines of defense:
1) The first line is business units that own the risks.
2) The second line of defense is risk and control specialists who support the first line.
3) The third line encompasses internal and external auditors who validate and verify the second line’s risk and control assessments.
Auditors also provide senior management and the board with independent assurance of the design and operating effectiveness of the organization’s risk management activities - a cross-functional task that requires careful communication.
Given the organizational impact of internal auditors, we envision another way to describe their role. President Harry Truman had a sign on his desk that read, “The buck stops here.” It’s internal auditors who speak up on behalf of the organization. When powerful people in the room push for an initiative and many of the details have been ironed out, it’s up to internal auditors to either sign off or sound the alarm. The easy thing to do is acquiesce. The harder thing is to be the contrarian in a partisan crowd. And yet, that’s what internal auditors must do inside organizations.
With companies under pressure to innovate and facing pressures from competitors and outside forces, governance, control systems, and risk management take on increased importance. Technology can empower internal auditors by streamlining audit activities and arming them with data and metrics to make compelling arguments to senior management and the board. When push comes to shove, the value of internal auditors is acting in the company’s best interests, regardless which way the wind is blowing.
Internal auditor, we salute you, during Internal Audit Awareness Month and every month.
