Practical guidance on cybersecurity and data security

Risk in Focus 2021: Focus on the human factor and good practices from your peers

This guidance is developed to help internal auditors address some of the key risks identified in Risk in Focus 2021, with the aim of contributing to the reduction of their impacts on businesses and stakeholders.

The practical guide is designed, firstly, to help practitioners learn from experienced professionals (experts, operational teams or internal audit) and, secondly, to offer practitioners useful reflections that we believe are of particular interest when auditing these topics and their associated risk management processes.

Why should cybersecurity and data security risk be on your radar?

Cybersecurity and data security has been one of the top three priority risks identified in Risk in Focus over the past five editions. It is documented as the number one priority risk for 2021, and this trend is expected to continue for the next three years. As a result, a number of resources have been produced within the IIA network to support practitioners navigating risk.

Webinar Replay: Cybersecurity: what is the role of the human factor

Applying the Internal Audit Ambition Model

GLOBAL PERSPECTIVES AND INSIGHTS: From Conformance to Ambition

In today’s unprecedented and volatile business environment, organizations face a future that is as difficult to predict as it is open for creativity and innovation. The internal audit activity can play a vital role in helping organizations anticipate, evaluate, and respond to risks and opportunities. And CAEs must effectively demonstrate that value.

CAEs need robust tools to continuously enhance the value that the internal audit activity provides to management and the board. Perhaps equally important, the right tool should enrich the ability to clearly express internal audit’s potential. The Internal Audit Ambition Model seeks to help CAEs achieve those goals.

The Internal Audit Ambition Model may help the internal audit activity:

  • Adopt a common approach and consistent criteria for conducting self-assessments of its current (“achieved”) quality.
  • Help drive conformance with The IIA’s International Professional Practices Framework.
  • Establish a peer benchmark against which to compare itself.
  • Create a visualization of its achievements in key process areas.
  • Identify the “ambition” level to which it aspires.
  • Identify gaps that must be filled to achieve its desired ambition level.
  • Communicate with senior management and the board about its achieved level of quality and its level of ambition.

According to the model’s authors, the word “ambition” distinguishes this model from maturity models because it communicates the CAE’s choice about the level to which the internal audit activity should aspire. The choice takes into account the input of senior management and the board in light of factors such as the complexity of the organization, the size of the internal audit activity, and the industry in which the organization operates. The word “ambition” moves the focus from simply meeting the requirements to inspiring intentionally chosen improvements.

This Global Perspectives and Insights describes the Internal Audit Ambition Model from the perspective of several CAEs who have applied it. Looking toward its potential applications, the report considers how the model may be used as part of the internal audit activity’s quality assurance and improvement program (QAIP).

Coordination and Reliance: Developing an Assurance Map

A Practice Guide from the IIA

The purpose of assurance activities is to provide an objective and independent assessment on governance, risk management, and control processes for the organization. Assurance maps offer a visual representation of the organization’s risk coverage, and help identify gaps and overlaps.

This practice guide takes the reader through the process of documenting assurance activities throughout an organization, covering the following topics at a high level:

  • Developing an assurance map
  • Identifying sources of risk information
  • Organizing risks into categories
  • Identifying assurance service providers
  • Gathering information and documenting assurance coverage
  • Reviewing and updating the assurance map
  • Using assurance maps

Webinar: Getting the Most Out of Risk Assurance Mapping (Courtesy of IIA Australia): Are there gaps in your assurance framework which could potentially expose your organisation? Assurance mapping is a tool which enables Internal Auditors to visually present all assurance activities of the organisation, both internal and external, as they apply to the organisation’s risks. For example, the map might depict the top risks such as the most likely strategic risks an organisation faces, or it might set out specific compliance duties that cover director obligations. A clear benefit is that once complete, any gaps or duplications can be identified and corrected. This webinar will take you through the assurance mapping process which can be practically applied in all organisations no matter how big or small.

Agile Auditing

Transforming the Audit Process

The term “agile” in the internal audit context may mean different things to different people. To some, it is a macro-level mindset focused on improving internal audit engagements and activities in a way that minimizes waste and is responsive to providing timely insights nimble enough to accommodate the dynamic risk environment. To others, it is a specific, defined approach to executing internal audit engagements that enhances value to stakeholders. These two different definitions are referred to as agile (little “a”) and Agile (big “A”), respectively.

  • Agile (little “a”): a verb used to describe process improvement efforts (exclusive of a specific methodology) employed by internal audit functions to achieve a more nimble, less wasteful internal auditing process. For example, a chief audit executive is looking for opportunities that will make audit processes more agile so that internal auditing services are more capable of addressing the dynamic risk environment.
  • Agile (big “A”): a noun used to describe the use of specific agile software development methodologies and an associated mindset shift to achieve more value and agility from the internal auditing process. For example, an internal audit function is using Agile software development approaches to innovate the internal auditing process in an effort to better address the dynamic risk environment.

The implementation and execution of these distinct approaches to improving internal auditing are very different. The process improvement path to becoming a more agile internal audit function (i.e., agile little “a”) is important to recognize because practitioners are driving real value from these efforts. However, this path has no universal underlying approach. For this reason, the latter path (i.e., Agile big “A”) is the primary focus of attention from this point forward, because it does have an associated methodology to be implemented.

We recommend reading Agile Auditing for deeper knowledge about the subject.

Blockchain and Internal Control

The COSO perspective

COSO’s paper explains how COSO’s internal control framework can be used to design and implement controls to address the risks associated with blockchain technology, which relies on distributed ledgers to track information about assets such as digital currencies.

The paper shows how with careful implementation and integration of blockchain, the unique features of the technology can be leveraged to better manage risk and create more robust controls for organizations.

Covid-19: The Initial Impact on Internal Audit Worldwide

Global Knowledge Brief: Survey results from internal auditors in 95 countries – Part 2

As the world continues to look for answers to the impacts of COVID-19 globally, we find some good news from internal auditors surveyed by The IIA for this global knowledge brief. Internal auditors are demonstrating leadership, flexibility, and relevance as a global profession deeply intertwined in the economy.

Our surveys of internal auditors worldwide first resulted in a Part 1 report on responses to issues faced by organizations. This report focuses on issues faced by internal audit.

Overall, the results remind us that challenges and opportunities presented by the pandemic require all of the key partners in organizational governance — the governing body, management and risk management, internal audit, and external providers of assurance — to collaborate intelligently, not only to maintain routine operational processes under radically altered circumstances, but to imagine new ways to be resilient and successful.

Our surveys of 1,572 internal auditors from 95 countries, which focused on internal audit reactions, confirmed the true global nature of the crisis — that it is affecting every country and every internal audit function, and that internal audit is diving into the disruption caused by the pandemic to find success.

Convergence across various disciplines, evident within organizations today, is creating opportunities for internal audit to strategically partner with management and the governing body, especially with committees of the board. Internal audit offers unique skills and perspectives to analyze control environments and offer solutions involving substantial issues, including governance over new technology, succession planning, business continuity, liquidity reserves, disclosures, supply chains, human capital, stress testing, and fraud, to name a few. Internal audit also can identify and promote new protocols required for today’s virtual workforce and global economy.

COVID-19 presents the most rigorous test of organizational continuity and sustainability in our living memory. By identifying changes to the risk landscape and the need for corresponding changes to risk responses, internal audit can exhibit leadership that supports the organization’s efforts to move forward.

Internal auditors also can bring new value to their organizations by weighing how the pandemic is affecting the organization’s operating model, demonstrating how audit insights can help, and providing assurance over strategies to remain relevant.

How Organizations globally are responding to Covid-19

A Global Knowledge Brief – Survey results from internal auditors in 95 countries – Part 1

The impacts of COVID-19 have forced organizations around the world to seek answers to questions they may never have previously imagined. Challenges and opportunities presented by the pandemic require all of the key partners in organizational governance — the governing body, management and risk management, internal audit, and external providers of assurance — to collaborate intelligently, not only to maintain routine operational processes under radically altered circumstances, but to imagine new ways to be resilient and successful.

Thanks to the support of IIA affiliates around the world, this new survey of 1,341 internal auditors from 95 countries provides a global look at how organizations are striving to navigate the turmoil precipitated by the crisis. Convergence across various disciplines evident within organizations today is creating opportunities for internal audit to strategically partner with management and the governing body, especially with committees of the board. Internal audit offers unique skills and perspectives to analyze control environments and offer solutions involving substantial issues, including governance over new technology, succession planning, business continuity, liquidity reserves, disclosures, supply chains, human capital, stress testing, and fraud, to name a few. Internal audit also can identify and promote new protocols required for today’s virtual workforce and global economy.

COVID-19 presents the most rigorous test of organizational continuity and sustainability in our living memory. By identifying changes to the risk landscape and the need for corresponding changes to risk responses, internal audit can exhibit leadership that supports the organization’s efforts to move forward. Internal auditors also can bring new value to their organizations by weighing how the pandemic is affecting the organization’s operating model, demonstrating how audit insights can help, and providing assurance over strategies to remain relevant.

Defining, Measuring, and Communicating the Value of Internal Audit

Best Practices for the Profession

Internal auditors and internal audit functions have been struggling — some more than others — to find convincing answers addressing one fundamental question: What is the added value of internal auditing in the specific organizational context? This question is of particular relevance to internal auditors and the internal audit profession. On a micro level, that question bluntly challenges the contributions from internal auditing, and on a macro level, the legitimacy and relevance of internal auditing as a profession. Furthermore, this question is highly relevant to internal audit’s key stakeholders, e.g., senior management and the audit committee.

This research provides insights into the applied practices addressing the value question and suggests concrete pointers on how to define, measure, and communicate the value of internal audit. Based on interviews with chief audit executives (CAEs) and a comprehensive global survey, we examine the following questions. How do internal auditors and internal audit functions:
1. Define their added value to the organization?
2. Measure their added value — and which metrics do they use?
3. Communicate their added value?

The results of this study suggest a maturity model distinguishing the roles of internal audit as a governance, risk, and control (GRC) partner, trusted advisor, and value driver as maturing roles of the internal audit function. Assurance emerges as an overarching theme across all roles: The GRC partner delivers assurance services as core remit. The trusted advisor goes beyond to offer advice; however, often limited to subject matters in or associated with internal audit’s core competencies in the GRC arena. The value driver goes further, cracks the traditional boundaries, and contributes to what truly matters in the respective organization, thereby also dealing with the not so familiar, the lesser or unknown subject matters, and the more complex issues.

Managing Corporate Fraud Risk during a pandemic

The risk of fraud is present in all organizations to a greater or lesser degree, depending on various internal factors (organizational culture; level of maturity in corporate governance, risk management, and internal control; type and size of business; etc.) and external factors (industry; national/regional context; market in which it operates; etc.). Unfortunately, fraud is a risk that can affect any organization at any time — in normal times and in times of crisis. Furthermore, in times of crisis, the risk of fraud may increase, as some people may find a reason (pressure/incentive), an opportunity (chance), or a justification (rationalization) to commit irregularities.

In times of crisis, such as the current COVID-19 pandemic (a health crisis that also generated a social and economic crisis), some people may decide to commit fraud for the first time. Those who are accustomed to committing fraud may also try to take advantage of the circumstances to commit new or greater irregularities. Committing fraud at any time is reprehensible, but even more so when it is committed in times of crisis, even sometimes by appropriating resources intended to help overcome the crisis.

As a contribution to the global fight against fraud and corruption, the Latin American Found A Blueprint to Managing Corporate Fraud Risk During a Pandemic offers a practical approach to directly address the scenario of an increased risk of fraud (corruption, misappropriation of assets, fraudulent financial statements) in organizations due to the pandemic.

Responding to Covid-19

How internal auditors worldwide are meeting the challenges of the COVID-19 pandemic is the subject of the latest global survey report from IIA Advocacy. Responses from 1,341 internal auditors in 95 countries describe how internal audit is reacting, including managing with reduced budgets.
