Actualiteit

As the leader of the internal audit function, the chief audit executive (CAE) is responsible for its effective and efficient management. Although these traditional advisor/internal watchdog responsibilities are still the CAE’s primary priorities, that role is increasingly being called on to provide the services of a business partner or consultant as well.* This expanded sphere of responsibility requires the CAE to acquire and augment certain soft skills in addition to the technical audit skills that are needed to perform the traditional CAE role. What are those skills? What sort of education, experience, and certifications tend to lead to the CAE position? Organizations want to know so they can identify and groom their next internal audit leaders. Internal auditors who aspire to be CAEs also want to know so they can carefully shape their career paths with the desired target in mind. The CBOK 2015 Global Internal Audit Practitioner Survey addresses many of these questions. Data was gathered on the demographic characteristics of CAEs worldwide and interviews were conducted with global CAEs to identify the types of skills that tend to facilitate a move into the CAE position. The data shows that the CAEs surveyed are predominantly males between the ages of 40 and 49. They have obtained at least a bachelor’s degree, most likely with a major in accounting. They have spent about 13 years in internal audit, seven of them in the CAE position. Most have an internal audit certification, likely a Certified Internal Auditor (CIA) credential. Of course, those characteristics vary based on geographic region and organization type and size. For example, CAEs in North America tend to be older than CAEs from other regions and more likely to have obtained the CIA certification. In addition to examining current demographic differences, this report takes a look back in time, comparing data from prior CBOK surveys to the 2015 results to uncover meaningful trends. For example, the percentage of CAEs with an internal audit certification has increased significantly from the 41% reported in 2006 to 53% in 2015. While education, experience, and certifications are important, they alone are not sufficient to propel someone to the CAE ranks. Personal skills and attributes are also evaluated by organizations seeking to appoint a CAE. This report discusses those soft skills by relaying insights gathered through interviews with a number of global CAEs. These leaders share some of the characteristics and skills they believe are must-haves for aspiring CAEs. 

How well are internal audit departments meeting the needs of the audit committee, and is the internal audit department receiving the proper support and oversight from the audit committee? The overall answer to these two questions is that both groups are doing better, but there are many opportunities for improvement. Key insights in this report include: Although the numbers are increasing, there are still too many organizations without effective audit committees (or their equivalent). The frequency of audit committee meetings varies dramatically between regions—sometimes related to the nature of governance in a country, other times related to the maturity of the governance function. The opportunity for internal audit to meet with the board or audit committee in executive sessions without management present is quite low in some regions and needs to be improved. Governmental (and some private) organizations are lagging in developing effective audit committees (or their equivalent). Author Larry Rittenberg, professor emeritus at the University of Wisconsin-Madison, served as chairman of the Committee of Sponsoring Organizations of the Treadway Commission (COSO) from 2004 to 2009. Current information about the interaction between audit committees and internal auditors was obtained from the CBOK 2015 Global Internal Audit Practitioner Survey, the largest ongoing survey of internal auditors in the world. 

Anyone who was in the business world some 15 years ago remembers the debacles associated with organizations such as Enron, WorldCom, and Adelphia. (While all United States-based examples, similar debacles have played out globally.) People watched astonished, dismayed, and disgusted as the stories unfolded, revealing a world of alleged corporate misdeeds and misconduct that rocked global financial markets and saddled innocent employees and stockholders with irreparable financial damage. Financial pundits wondered how the controls designed to make this sort of malfeasance impossible could have failed so completely. Cynics nodded their heads knowingly and suggested that perhaps this would awaken naïve consumers to the ugly realities of corporate life and underscore the negative aspects of capitalism run amok. Surely, a decade and a half removed, we can breathe a sigh of relief and feel confident that this sort of corporate malfeasance is behind us. Sadly, given current events that are ever-present through every media channel, that is not the case. There appears to be no shortage of corporate misbehavior and other manifestations of unsavory corporate culture, which begs the question of not only, “Where were the board and executive management?” but quite frankly, “Where is internal audit?” Perhaps more than ever, internal audit is faced with both a challenge and an opportunity. It is uniquely positioned to bring value to the organization by doing the hard work on the soft stuff — auditing culture.Anyone who was in the business world some 15 years ago remembers the debacles associated with organizations such as Enron, WorldCom, and Adelphia. (While all United States-based examples, similar debacles have played out globally.) People watched astonished, dismayed, and disgusted as the stories unfolded, revealing a world of alleged corporate misdeeds and misconduct that rocked global financial markets and saddled innocent employees and stockholders with irreparable financial damage. Financial pundits wondered how the controls designed to make this sort of malfeasance impossible could have failed so completely. Cynics nodded their heads knowingly and suggested that perhaps this would awaken naïve consumers to the ugly realities of corporate life and underscore the negative aspects of capitalism run amok. Surely, a decade and a half removed, we can breathe a sigh of relief and feel confident that this sort of corporate malfeasance is behind us. Sadly, given current events that are ever-present through every media channel, that is not the case. There appears to be no shortage of corporate misbehavior and other manifestations of unsavory corporate culture, which begs the question of not only, “Where were the board and executive management?” but quite frankly, “Where is internal audit?” Perhaps more than ever, internal audit is faced with both a challenge and an opportunity. It is uniquely positioned to bring value to the organization by doing the hard work on the soft stuff — auditing culture.

As governance and monitoring functions collaborate more closely to avoid duplication of effort, internal audit may be asked to take on responsibilities for risk management, compliance, regulatory oversight, and other governance activities. The chief audit executive (CAE) plays a critical role in navigating between internal audit’s traditional role and assuming responsibilities for risk management, compliance, and other governance functions. The CAE should be held accountable for preserving independence and objectivity, communicating with management and the board, and confirming management’s acceptance of risk to internal audit’s independence and/or auditor objectivity. To navigate through these competing challenges, internal auditors can look to The IIA’s guidance on effective risk management and control, and promulgated standards related to independence and objectivity.  

What do board members and C-suite executives view to be the top risks for their organizations this year? Not surprisingly, according to an annual survey from North Carolina State University’s ERM Initiative and Protiviti, regulatory changes, the economy and cyberthreats top their lists of concerns.