The Institute of Internal Auditors kicked off its annual international conference Monday, highlighting its global growth and the ways in which internal auditors are helping companies with fraud detection, risk management and cybersecurity, while tackling emerging areas like sustainability and artificial intelligence.
The IIA added new affiliates this past year in Honduras, Vietnam, Bolivia and Senegal, and has two new affiliates in Malta and Somalia that are expected to join the organization soon. It also recently added a regional body representing the Arab countries, joining other regional bodies in North America, Europe, Asia Pacific, Africa, and Latin America. The conference attracted approximately 2,600 people from 112 countries to Amsterdam, with another 250 people joining online.
One of the top priorities for the IIA is combating fraud, and the institute recently began partnering with the Association of Certified Fraud Examiners, signing a memorandum of understanding to develop joint education programs and research.
“We’ve been seeing an increase in fraud,” said IIA president and CEO Anthony Pugliese. “We do a lot of things that are critical as this issue becomes more and more important in risk assessment, fraud detection, internal control and evaluation. We’re seeing our members move more deeply into fraud detection and prevention than probably at any other point in our history.”
He noted that the IIA and the ACFE recently released a report on fraud whistleblower programs that found 75% of respondents indicated their organizations have a whistleblower hotline program (see story).
Internal auditors are also getting more involved in cybersecurity.
“What role do internal auditors play in cybersecurity? Probably the most important thing we can do is start doing what we do best, and that’s ask questions, understand what the responses mean and whether there’s real integrity behind the responses,” said Pugliese.
He sees a role for internal auditors in cybersecurity efforts around risk assessment, security controls evaluation, compliance with regulations, incident response planning, staff training and awareness, and continuous auditing.
“With continuous assurance and continuous auditing, some people interpret that as real time, and some organizations actually have real-time detection,” said Pugliese. “They can tell when a cyber breach occurs almost in real time. To others, that means they do it on an extremely frequent basis. It’s not a one-time-a-year evaluation. It’s a constant evaluation process.”
He also said that there are ways internal auditors can help organizations deter ransomware attacks and comply with data privacy laws like the European Union’s General Data Protection Regulation as well as the Securities and Exchange Commission’s proposed cybersecurity disclosure rules.
ESG efforts
The Securities and Exchange Commission proposed a climate change disclosure rule that’s expected to be finalized later this year, while the International Sustainability Standards Board recently issued its own climate disclosure and sustainability standards (see story), and Pugliese envisions a role for internal auditors in helping organizations with environmental, social and governance initiatives.
“Internal auditors should be doing a lot of things like incorporating ESG into the audit plan, and making sure that they’re talking about ESG concepts to boards, performing internal audits to provide some level of assurance that the control environment is sound and valid, testing relevant controls, advising on ESG reporting, validating risk mitigation — all the different things that we do in almost every other area that we audit, or provide consulting services around advisory services,” said Pugliese. “Our role is becoming more and more important, and as we start to seek internal audit be added to legislation and regulation, the more our role will grow.”
ChatGPT and AI
He believes internal auditors will also be needed to help organizations deal with the growing role of artificial intelligence, as generative AI programs like OpenAI’s ChatGPT and Google’s Bard become widely used. He noted that OpenAI recently said that 80% of workers may see their jobs impacted by AI. When people were asked in a recent study by OpenAI, OpenResearch and the University of Pennsylvania about which occupations would be most affected, tax preparers were in second place, and when ChatGPT itself was asked which professions were most exposed, accountants and auditors ranked in second place, according to Euronews Next.
However, Pugliese sees a bright side to the findings.
“Somebody has to understand all this, and it impacts us by making us have another really good tool in our toolbelt to use as we do our jobs, and to help us be better at what we do,” he said. “Nonetheless, that’s one of the occupations affected, and I think we need to move quickly to take advantage of that and turn that to our favor.”
Future plans for the IIA
Internal auditors are playing an ever-increasing role in these and other areas.
“What I’ve recognized over my 25-year career is how dynamic this profession is,” said IIA chair Benito Ybarra, chief audit and compliance officer for the Texas Department of Transportation, who also spoke during the keynote session. “Now what we see is that it’s moving very quickly. We used to have more time to consider, to plan and then to try to add value at organizations. That is all still true, but the timeline is constrained. Based on firsthand experience, the state of the profession is strong. We are growing, but we are being asked to do more and to do it faster, and the only way we’re going to be able to do that is to create a future that includes all of us.”
The IIA recently convened a global assembly represented by members in 105 countries to decide on the future plans for its international federation. Among the changes coming are in its certification exams after the organization conducted a market study on its Certified Internal Auditor credential.
“Some of the things that came out of this study in the professional certifications will focus on our pricing, the exam focus and structure, and the time to complete are some examples,” said Ybarra. “Now, with any change with regard to the credentials like the CIA, we all agree that it’s very important to maintain the integrity and rigor of the exam, but also make the exam more accessible and relevant to our global leaders and global members and nonmembers.”
The IIA has also been updating its standards and International Professional Practices Framework as part of an initiative called the IPPF Evolution.
“It’s a big deal,” said Ybarra. “This is the basis for conducting our audit work in every aspect, and it’s going to be a big set of changes coming forward.” Over 19,000 individual comments have come in on the standards.
The IIA has also been working on an initiative called Internal Audit Vision 2035 to plan for the future, led by its Internal Audit Foundation and its global board of directors.
“What might the profession look like in 2035 and is that the direction we want the profession to be headed?” asked Pugliese. “With the changing business environment, there’s so much that we need to understand about the impact of all these new issues and how it could favorably or unfavorably affect the profession.”
The IIA wants to see how well its work is understood by government groups around the world, and whether it needs to do more in schools, colleges and universities around the globe to bring more awareness of the profession. The organization plans to carry out more research to learn what people are saying about internal auditing around the world.
“We may not hear what we want to hear, but we’ll know what’s going on, and it really builds a whole lot of opportunities for the profession,” said Pugliese. “This isn’t about IIA. This is about the internal audit profession, and it will affect IIA in our strategic direction as we move forward. It will validate or maybe invalidate portions of our strategic plan. It may tell us to speed things up or slow things down. But it will build awareness for our entire profession of the opportunities and the challenges that lie in front of us as we try to fast forward 12 years into the future.”