As an internal auditor for almost 20 years, I’ve had a front row seat to the evolution of the internal audit function and the corresponding shift in the required skillsets of internal audit professionals. When I first began my internal audit career, it caused a few raised eyebrows when I explained to my internal audit colleagues that I had a computer science degree since most auditing professionals traditionally come from an accounting background. While many auditing professionals still typically have an accounting background, the auditor’s skillset has evolved over the years along with the role of the internal audit function.
Related: How "Turbocharged" Tech is Impacting the Cyber Threat Landscape
In today’s complex business environment, internal audit teams are expanding their purview beyond risk assurance activities to provide strategic advisory services. As auditors are increasingly expected to contribute to organizational strategy, we are increasing our focus on enterprise-wide risks such as cybersecurity and integrating data analytics more extensively into our operations. This shift presents the opportunity to welcome into the auditing profession, a diverse pool of talent with broader skillsets including the ability to leverage technology in our day-to-day work.
I saw a unique opportunity to advance internal audit’s role in strategic risk management and innovation when I joined DTCC a year ago. Like every other function, internal audit is confronting the risks posed by emerging technologies and intricate regulatory challenges. However, these same technologies present internal auditors with the opportunity to enhance and augment their strategic contributions.
There are often misconceptions about internal audit. Some believe we are focused solely on accounting or acting as a proxy for regulators. However, we are a strategic partner that supports the organization by proactively identifying blind spots and new risks to drive performance and achieve business goals.
Recently, I had the honor to participate in a panel at the 2024 Financial Services Conference hosted by the Institute of Internal Auditors that explored emerging business risks. Moderated by Uday Gulvadi, Managing Director, Stout, I was joined by Raymond Clifford, Chief Audit Executive, Scotiabank and Rachel Tressy, Chief Auditor, Voya Financial. The discussion emphasized the critical role internal audit plays in helping organizations navigate today’s dynamic business environment and nascent risks. The panel underscored four key areas where internal audit can add strategic value to our organizations:
1. Geopolitical risk and macroeconomic uncertainty
Though economic risks are familiar to financial institutions and auditors, the rapid changes in interest rates and inflation, coupled with record levels of geopolitical uncertainty and the upcoming U.S. Presidential election, is creating an environment of intensified challenges and increased opportunities. By leveraging the latest models and methods, internal audit can play a vital role in assessing these risks and supporting effective, strategic decision-making.
2. Strengthening cybersecurity and resilience
The transformation of internal audit’s strategic role was increasingly recognized when company boards made cybersecurity a priority about five years ago. Increasing reliance on third parties and evolving cyber threats necessitated robust risk management strategies. The ever-increasing cyber threat landscape accentuates internal audit’s importance in strengthen organizational defenses by evaluating controls, monitoring performance, and enabling proactive incident planning, response, and resilience.
3. Evolving regulations and AI governance
Traditionally, internal audit teams have helped navigate complex regulatory environments, particularly in financial services. However, the current rate of change and the explosion of new, transformative technologies such as blockchain and artificial intelligence can challenge even regulatory bodies to create or adapt their frameworks. Ensuring responsible AI development will require flexible governance frameworks capable of constant adaptation. Internal audit can provide tested controls to ensure safe innovation and regulatory compliance around Artificial Intelligence (AI) initiatives.
4. Employee engagement/culture of innovation
The hybrid work environment presents challenges for employee engagement and talent management. Internal audit can contribute to an employee culture that values engagement and innovation, building relationships across teams and functions, by fostering communication, coordinating cross-functional collaboration, and sharing best practices.
A Misunderstood Function
There are often misconceptions about internal audit. Some believe we are focused solely on accounting or acting as a proxy for regulators. However, the reality is far more dynamic. Internal audit plays a critical role in proactively identifying business risks and helping an organization meet its strategic objectives.
In my role as the General Auditor at DTCC, I am committed to clarifying these misconceptions and showcasing the immense value we bring to the organization and addressing the ever-evolving risk landscape. By embracing technology and adopting innovative practices, we can effectively identify blind spots and support the organization in staying ahead of potential threats.
As business risks become more complex and technology-focused, internal audit’s strategic value will continue to grow significantly. Our focus on data and analytics skills, coupled with strong leadership and critical thinking, opens doors for a new generation of internal auditors who can truly propel the organization forward. I firmly believe that the internal audit profession is well-positioned to attract and retain talent with diverse backgrounds across all levels.