Patty Miller, senior vice-chairwoman of the Institute of Internal Auditors’ global board, gives her take on the way head for the role
How would you describe your role at The IIA and within IIA – what are your primary responsibilities?
Informally, my role allows me to use my passion for the internal audit profession and my leadership abilities to raise awareness around the world of the profession and its contributions. In my formal role as senior vice-chairwoman for the IIA’s global board, my most important responsibility is to help drive our strategic objectives and facilitate communication and alignment between all of the IIA’s committees.
What elements of your role(s) do you find the most challenging?
With the enormous growth in the internal audit profession over the last several years, it has been challenging to set the IIA’s strategic direction so that we address all of the growth and differing maturity levels of the profession around the world, while establishing internal auditing as a profession unto itself. Because it is such a growing profession, there are more opportunities than we have resources available, so we’ve had to corral ourselves and focus on our key objectives, which are:
• to elevate and advocate the profession;
• to operate globally;
• to be recognised as the profession’s voice and standard setter; and
• to be the preferred and primary provider of research and professional development.
What are some of the major changes in recent years that have had an impact on your role and the audit profession?
The US Sarbanes-Oxley Act of 2002 (SOX), and similar legislation and regulations around the world, pulled internal auditors away from their usual responsibilities and steered them to financial compliance activities. Although for many internal auditors this shift limited their opportunity to focus on operational areas in favour of financial reporting, it did heighten the visibility of the profession, and many internal audit directors found themselves repositioned as a key member of the senior leadership team. Now that the SOX compliance efforts have become fairly routine for most public companies, internal audit activities are beginning to rebalance their scope and refocus on broader stakeholder expectations and risk-based auditing.
How is the role of internal auditors evolving?
With corporate scandals, regulatory reform, and the emergence of a focus on corporate governance, the internal audit activity has never had greater visibility and responsibility within organisations. Many professionals are viewed as strategic business partners because of their vital roles in governance, risk assessment and mitigation, and internal controls. Internal auditing is relied upon to provide an objective view of business activities, and to provide thoughtful and practical recommendations to enhance the business.
What is driving those changes?
Increasing regulation, as noted above. But globalisation and advances in technology, as well as an increased use of outsourcing, alliances and strategic partners in order to serve customers, has made business much more complex. At the same time, the expectations on organisations to be ‘good corporate citizens’, taking into account environmental and social performance along with financial performance, are on the rise. The role of internal auditing in helping an organisation and its board manage the variety of risks and stakeholder expectations has never been greater.
What part should internal auditing play in risk management?
Internal auditing’s key roles are to help educate the board and senior management on enterprise risk, and to provide objective assurance on risk management activities which help ensure key business risks are managed and that there is an effective system of internal controls in place. The internal auditor’s job is not to manage risk, but to understand risks, to create a fluid audit plan that addresses existing and emerging risks, to objectively report on the results of reviews, and to offer reasoned recommendations to mitigate risks.
I understand you are now focusing on a global strategic plan for the next five years. Could you explain briefly what plans you have, and why you are introducing these changes.
In the past, The IIA’s strategic plans have focused on important initiatives for the coming three years – but haven’t looked out into the future and answered the question – ‘What destination are we aiming for?’ We decided to change our approach by first developing a ‘preferred future state’ of the IIA and the profession. This shifted us to a longer timeframe of six years so we could look at our vision for the profession and the institute, and identify and clarify our desired outcomes. By focusing more on outcomes rather than activities, we have been able to further explore professionalism and the IIA’s role in the profession.
Out of key discussions with leaders in the IIA and our profession around the world, we identified “preferred future” milestones which include:
• the internal audit profession being universally recognised as a profession;
• the IIA defining the principles of the profession and ensuring they are available worldwide;
• ensuring adherence to professional requirements;
• becoming the preferred provider in research, development, and dissemination of knowledge to advance the profession; and
• operating as one global organisation.
What is the usual career path to your position, and has it/is it changing?
Previously, internal auditors primarily came from sister professions such as accounting, or came from operating areas in the business, and had to learn internal audit skills on the job. More and more colleges and universities are establishing internal audit curricula and degree programs through the IIA’s Internal Audit Education Partnership (IAEP), which is preparing students to join the internal audit profession. However, it is important for internal audit organisations to be multidisciplinary and reflect a broad range of expertise – such as IT, environmental, engineering specialists, and other specialty areas – as internal audits are performed in all areas of a business.
Beyond internal auditing, what is the usual career path for internal audit professionals and how has this been changing, if at all?
Internal auditing itself can be a career. One can start as a staff auditor and work his or her way up to chief audit executive (CAE). There definitely will be a high demand for internal auditors for many years to come. However, because this profession is so broad-based, it is an ideal career for someone who is interested in eventually working in management. As an internal auditor, you have access to every area of an organisation and have an overall picture of how things work – which is an advantage to someone looking toward a future in management.
Do you have any advice for those wishing to work in your area now?
I would encourage them to embrace professionalism, obtain their CIA certification to demonstrate competency in the internal audit field, and conform to the IIA’s standards which provide guidance for internal audit practices. People who want to enter this profession have access to a phenomenal amount of information, guidance, and best-practice advice through the IIA and its many chapters and institutes all over the world. I would also encourage them to participate in their local IIA chapters – it is a great way to quickly develop a network of experienced auditors to learn from, as well as to gain leadership experience by managing local committees and chapter activities.
Patty Miller will be a keynote speaker at the Institute of Internal Auditors-Australia South Pacific and Asia Conference, being held at the Sydney Convention and Exhibition Centre from 2–5 March
News