The State of Internal Audit: Maximizing Impact

From cybersecurity and fraud to ESG and digital disruption, the 2023 IIA GAM conference covered several new risks and challenges that internal audit leaders face today.

More than 1,150 internal audit leaders gathered to network, learn, and share best practices, including our own Ruth Nouanesengsy, Head of Internal Audit, and Grant Ostler, Industry Principal. With so many takeaways from the conference, Ruth and Grant joined the Workiva podcast Off the Books to share their insights. Here are a few of the top highlights from the conversation.

The internal audit journey: From compliance to value

When IIA President and CEO Anthony J. Pugliese, CIA, CPA, CGMA, CITP kicked off the conference with a keynote on the current state of the internal audit profession, he spoke to the opportunity internal auditors have—more than they ever have before—to lead the way, drive change, and maximize impact.

That’s because with emerging risks like ESG and technologies like ChatGPT, Anthony said organizations will need internal audit’s guidance, and the role of internal audit will become even more relevant.

This hasn’t always been the case though. When the Sarbanes-Oxley Act (SOX) first rolled out, many teams became compliance-oriented. From building new processes to establishing effective governance, teams spent a lot of time on SOX compliance in the beginning. But now after more than 20 years of SOX, there has been so much progress made and new technology to help streamline and automate SOX processes that there’s a significant opportunity for internal audit and risk teams to go beyond compliance.

Ruth said she agrees that there has been a shift in recent years, and that now it’s not just about meeting regulatory requirements. It’s also about improving compliance and bringing value. For her, that means being a strategic advisor to help her organization succeed.

“My focus is on bringing value and being a business partner. When I’m coming in and performing an audit, I’m asking—what can I do to help you?,” Ruth said.

Grant said that we really are in a “renaissance period for auditors” and also agrees there is a transition going on where teams are focused on improving efficiency and spending more of their time on high-value, strategic work.

We've learned a lot through SOX and are making progress to streamline it. It’s normalizing, and the stakes are going up for our profession. It’s about adding value now and finding ways to help your organization be more efficient and productive."

Grant Ostler
Industry Principal, Workiva

Proactive risk management: A keen eye on emerging risks

Moving from reactive to proactive risk management was another major topic of conversation. To keep up with new risks and elevate potential issues to the business, Ruth and Grant spoke about the main areas of concern for internal auditors right now, including cybersecurity, fraud, ESG, and ChatGPT.

In fact, cybersecurity wasn’t only a hot topic at the conference. It is notably a top risk for many companies according to the 2023 Pulse of Internal Audit report, where 78% of respondents said cybersecurity is a high or very high risk at their organizations.

“There was a lot of talk about helping our organizations be more resilient,” Grant said. “Cyber is clearly an area auditors are honing in on because there have been so many challenges with it and will continue to be more.” 

And when it comes to emerging risks like ESG, it’s about how to get in front of those risks, Grant said. How do you get your governance, risk, and compliance processes ready so you aren’t playing catch up? What are the opportunities for your organization to do ESG well?

And it wouldn’t be a conversation about new risks and opportunities without ChatGPT. From Ruth’s perspective, it’s about being proactive on these new technologies because even though there are benefits, “ChatGPT is not the end all, be all.”

“To Ruth’s point, ChatGPT doesn’t solve everything. And there are downsides,” Grant said. “One of the risks for auditors is relying on something so heavily that you lose your objectivity.”

To get the benefits from technology like ChatGPT, you have to mitigate the risks and ask if it makes sense for your organization, he said. “All of these opportunities are opportunities for us to do things more efficiently, but we have to maintain our critical thinking. We have to maintain skepticism as auditors.”

Finding and retaining top internal audit talent

An ongoing conversation across accounting, finance, and internal audit teams has been how to attract and keep high-performing employees. The talent shortage has made it challenging to fill roles within internal audit—adding even more pressure to teams already stretched thin.

“It’s difficult to fill all the open positions you have today,” Grant said. “So a lot of the conversation around this was thinking through how do we retain our employees? How do we make the work they do more meaningful? How do we automate the routine and monotonous tasks so they can focus their energy and their minds on what counts?”

In addition, many internal audit leaders are getting creative with their hiring process, looking at non-traditional candidates that bring in new skill sets. Grant mentioned a conversation he had with one leader who recently hired two psychologists. Ruth also mentioned that during her internal audit career, she’s worked with a variety of people from diverse backgrounds, including marketing, HR, and safety.

Since a CPA license is not required to be an internal auditor, many are seeing the benefits in hiring employees with different backgrounds and teaching them the necessary skills. “That diversity of thought within the audit team adds value,” Grant said.

And if you’re looking for a new career, Ruth and Grant shared why there’s never been a better time to become an auditor.

“There are so many opportunities open to us right now. There is so much that you can learn and do, and different directions you can take,” Ruth said.

To get the full recap and top takeaways from IIA GAM 2023, including insights on audit analytics and the IPPF evolution, watch the full Off the Books episode with Grant and Ruth.