Happy New Year to all of my blog readers!
This is usually the point of the year at which I debate whether to continue my blog; whether it is making a difference to the world of internal audit theory, and more importantly, practice; and whether it is really working as a platform for me to debate my professional issues, challenges and debates.
I won’t be having an existential crisis this year. I see from the statistics that my blog posts are read, and I have a (very) small loyal following. My team I know reads the blog, at least some do and pass the thoughts on, for which I am grateful. I can see that the profession, once again in 2017, still feels fragile. It feels fragile in the developing world contexts with which I professionally deal and still is fragile in the developed Western economies. So I think there is a need for my blog.
The profession is stronger in many ways. The IPPF and the International Standards are, broadly, sensible (see New 2017 IIA Standards – Good or bad?). Internal audit is something that the professional services firms are still engaging with, albeit their own non-internal version of it.
Yet there are dark storm clouds on the horizon. The professional qualifications from the Institute are still not where they should be (see Continuing or continuous professional development?), and the QIAL qualification has not yet fully established itself (for example here or here). Certainly from a UK perspective it is challenging to see what I thought was our relatively strong CMIIA qualification subsumed into the Global Qualifications, and then the dual certification process we have left. This leaves the path open to other institutes, for example the UK’s Chartered Institute of Public Finance and Accountancy (CIPFA) and their ever-increasing set of qualifications offerings (see CIPFA) to fill the gap. In the UK we have the Internal Audit Standards Board which is part-hosted by CIPFA. See here for more information. It’s unclear to me why a finance and accounting institute should have an interest in this, other than fees and training revenue potentially from it. I thought internal audit had moved on from pure internal financial control some time ago. The Board I think is useful and the people on it are good, but the Standards themselves don’t seem to me to add much to the International Standards and are forced de facto to change as the Standards change (as their current consultation suggests).
The Institute ensures internal audit is principles-based. This makes a lot of sense. Yet I find that this allows a range of practice, some of which is quite dated and unhelpful, to continue. Tim Leech makes some helpful criticisms of this, though I don’t really agree with his conclusion or solutions (see Internal Audit – the next Blackberry?). In my current role I work across the international community and see a range of internal audit functions. Many I need to take a view on, whether they are suitable to meet my current client’s standards (for my client in part funds those third parties). I see a range of internal audit services, from the good to the very poor. This variation in performance is not often to do with competence or quality, but its positioning in the organisation. Does the organisation ‘get’ its need for good governance and internal audit’s role in that? If it does then the internal audit function should step up and deliver it. If not, then even the best placed and talented internal audit team will not make an impact. I believe that where an organisation has great internal audit it makes a seismic difference.
Then there is the Institute itself. I think the Global Institute and its federal members need to make a step change in how they organise themselves to really take the profession forward. This is not just limited to internal audit as a profession, the accounting profession has a similar set of challenges with a preponderance of institutes. What joins the accounting profession together are its global accounting standards, IFRS and IPSAS. What should join the IA institutes together is a single global set of standards. These are, however, not as specific and legally structured as IFRS or IPSAS, so this makes using the Standards as a binding force less tenable. Is there a need to make the federal structure more tight around the US / Global Institute (that has reached critical mass)? A single global platform? Lower overhead costs? Greater consistency? This would still seek to retain the best of local institutes but use the organisational efficiency of a single global organisation. Just a thought.
If I turn a little introspectively to my own team and internal audit service this year. I think it’s been great (I would say that, but the statistics, evidence and client feedback seems to suggest the same). We’ve got vacancies because my people are in demand across the business. That’s a huge compliment (also an interesting challenge). We have a fully risk based based approach and this is making a difference to my client’s risk management as a result. We are effectively an internal consultancy service (long-time readers of my blog will know I see little difference between consultancy and internal audit, see Consultancy or imposition?). We’re fully compliant with the Standards. We are full of bright and talented people and have successfully integrated internal audit and counter fraud teams and work. One of my team has even been recognised in the New Year’s honours list for her work, a personal and team accolade.
So I think I face 2017 from a professional perspective in an overall positive mood. One of my ambitions is to influence the profession more and help out with its improvement. I will explore ways to do that. Another is to focus on the promulgation of my own internal audit methodology, which I think is both fully risk based and transformative. It’s not rocket science, but it works and at scale. My team talks about the ‘Garnett’ methodology of internal audit so expect some copyrighted promulgation of it in my blog this year.
I hope all of my professional colleagues and partners have a great new year too and I look forward to working with you.