My tradition for the past several years has been to embrace my first blog of the year as an opportunity to set out timely, issues-focused New Year’s resolutions for our profession. I’m pleased to continue that tradition for 2023. This year’s resolutions take inspiration from AuditBoard’s 2023 Focus on the Future report, which asked internal auditors to identify the biggest strategic risks facing the profession. When identifying strategies to help you increase internal audit’s impact in 2023, where better to begin? Our focus must be on the risks.
Below is a snapshot of the full array of risks identified in the survey. Some resolutions focus on ways to better navigate all of the listed risks; others home in on top-ranking risks. In particular, internal audit must take bold action to address its talent management crisis, technology challenges, and the compounding difficulties of managing both existing and emerging risks.
With a clear picture of where the profession sees its strategic risks, I share my resolutions that internal auditors should make to successfully navigate the year ahead.
1. Have a Frank Discussion With the Audit Committee.
As you strive to ensure coverage for your organization’s top risks, make sure the audit committee understands the full picture of internal audit’s capabilities, potential, and limitations. For example, if a lack of bandwidth or specific expertise is impacting your audit plan, make sure the audit committee is cognizant of that. They may be surprised to learn of areas you’re not auditing simply because you don’t have resources or expertise.
Internal auditors rarely have this conversation with the audit committee. We’re good at explaining what we’ve done and where we’ve done well — and not good at being transparent about what we didn’t do, what we don’t do well, and why. Internal auditors can be tempted to avert their eyes from risks they’re not qualified to audit. But if key risks are missed, you and your organization are left exposed to the inevitable question: “Where were the internal auditors?”
2. Proactively Seek Out Collaboration With Other Audit, Risk, and Compliance Professionals.
Last year’s list included the resolution to “Establish better collaboration with other audit, risk, and compliance functions.” I still don’t see this as a widespread practice. So this year’s list takes the resolution a crucial step further, because improved collaboration across the three lines of defense has become a genuine business imperative. To successfully navigate the unpredictable risk bedlam we continue to face, we can’t wait passively for collaboration opportunities to come along. We must make the first move.
Audit, risk, and compliance professionals share a common objective: the success of our organizations. There should be a natural alliance between functions to leverage each other’s competencies toward achieving this shared objective, as our organizations can’t succeed without identifying and mitigating risk. Teams may nonetheless be intimidated by the prospect of collaborating, or feel they should maintain distance for the sake of independence. That’s precisely why internal audit should take the first steps forward, emphasizing the benefits of cross-functional collaboration while suggesting specific avenues for making it happen.
3. Develop and Implement a Talent Management Strategy to Build Internal Audit’s Next Generation.
“Difficulty in attracting and retaining quality talent” was the #1 risk internal auditors identified for 2023. To respond, organizations must leverage risk-focused talent management strategies that look beyond short-term pain points to better serve internal audit’s big-picture mission.
Any good strategy is predicated on a vision. Our vision is to build the next generation of internal audit talent capable of leading our organizations — and profession — into the future, understanding not only our businesses and their risks, but also how to more effectively leverage tools and technology to achieve internal audit’s mission. This vision bears on every risk in our survey.
Creating and actioning talent management strategies capable of supporting internal audit’s next generation requires reimagining our approach to recruiting and retention. That includes rethinking benefits, remote work, flexibility, assignments, development, engagement, and leadership, and considering candidates from more varied backgrounds. Remember: If we only hire candidates who we’re confident can address the risks of the past, we won’t be prepared to face the risks of the future.
4. Embrace Leading Technology to Empower Your Team.
“Inability to leverage technology in internal auditing” was internal auditors’ #2 risk for 2023. Don’t get left behind. In risk bedlam, it’s critical to leverage technology that enables continuous risk monitoring, dynamic audit planning and execution, and improved collaboration with other audit, risk, and compliance teams.
Using an integrated suite of technologies to perform internal audit tasks is quickly becoming the standard for success. A cloud-based, connected risk platform enables organizations to centralize audit, risk, and compliance data, automate and streamline audit efforts, and bolster efficiency and efficacy — as well as holding the promise of better data that can support deeper insight and foresight. As internal audit continues to face resource and budget challenges, these technologies can serve as a capacity multiplier, substantially enhancing our ability to perform our responsibilities and add value while making the best use of limited resources. Make it a priority to research and adopt solutions proven to empower internal auditors in undertaking our critical work.
5. Call Out Aspects of Corporate Culture That Expose Your Organization to Key Risks.
The FTX scandal is already a fable for our time, reminding us that culture and governance still matter. A clear line connects FTX’s lack of governance, oversight, and risk management with its toxic company culture. Use FTX as an opportunity to refocus your organization on the vital importance of risk management and internal controls — and a culture that supports them.
Rededicate yourself to speaking up about any aspects of corporate culture that open the door to significant risk. With a finger on the pulse of culture, internal auditors can help identify problems before they become headline-making scandals. As Cynthia Cooper’s legendary experiences at WorldCom show, it takes courage to blow the whistle — but we must find our voice and use it. We must also recommit to building an effective culture within internal audit, mirroring the best aspects of the culture and avoiding the temptation of sinking to its lowest common denominator.
6. Connect the Dots on Overall Risk Management Effectiveness.
Auditors prefer facts over opinions. Expressing opinions can feel uncomfortable — but you’re out there every day auditing your organization’s full portfolio of risks, giving you a bird’s eye view others lack. Commit to leveraging that body of work to offer your perspective on overall risk management effectiveness, helping to connect the dots for key stakeholders.
Resolve to Increase Your Impact in 2023
New Year’s resolutions are too often treated as idealistic goals rather than stalwart commitments. For 2023, choose purposeful resolutions that are actionable, measurable, and achievable, and commit to making them happen. All of these resolutions fit those requirements and are relevant for any organization in the current risk environment. Follow the risks to make resolutions that help you maximize the value of your work — for 2023 and beyond.
Richard Chambers, CIA, CRMA, CFE, CGAP, is the CEO of Richard F. Chambers & Associates, a global advisory firm for internal audit professionals, and also serves as Senior Advisor, Risk and Audit at AuditBoard. Previously, he served for over a decade as the president and CEO of The Institute of Internal Auditors (IIA). Connect with Richard on LinkedIn.