This year we have made excellent progress in adopting a revised vision and strategic objectives, while reviewing how we can best deliver on those objectives.
I am immensely proud that earlier this year we reached an important milestone – in March we welcomed our 10,000th member, growing evidence of the relevance of internal audit and the institute.
As we head towards a significant period of change, with Brexit high on the corporate agenda, it is essential for the internal audit profession, and the institute, to ensure that organisations understand and manage risk in the context of their strategic objectives.
It is our aim for internal audit to be recognised as a vital component of corporate success, and for the Chartered IIA to be acknowledged as a key enabler in achieving this. The immense value that internal audit can add is now much better understood, so we were particularly pleased to see that internal audit has been given a significant position in the Financial Reporting Council’s (FRC’s) revisions to the UK Corporate Governance Code.
Not long ago we ran our own member consultation and hosted six regional events to get your feedback on the FRC’s proposals. The suggested changes to the code are shorter and sharper and provide greater clarity for organisations on how they should promote good corporate governance. Corporate governance will remain a key focus for internal audit – the need for it was demonstrated again by the high-profile scandals we saw earlier this year, in particular the public outcry over events involving Carillion and Oxfam.
Another example of where the institute has sought to increase the demand for internal audit services and to improve the quality of its supply has been the Code for Effective Internal Audit in the Financial Services Sector, which we published in 2013. This was then reviewed by an independent committee under the chairmanship of Mike Ashley, chairman of the audit committee at Barclays. The revised FS code, published in September 2017 after a year-long consultation, has received an overwhelmingly positive response from not only the financial services sector but the profession more widely. The aim of the code is to improve the overall effectiveness of the internal audit function, help internal auditors protect their organisations from future financial services scandals and restore trust in the financial system. The changes to the FS code were relatively modest in scope, highlighting that it is considered by key stakeholders across the sector as being fundamentally sound and highly relevant.
The institute is now looking at developing a similar code to extend to other sectors outside financial services. This will require the support and engagement of boards and audit committees if we are to establish internal audit functions that really can help to protect assets, sustainability and reputation.
Our ongoing involvement with the FRC, the Prudential Regulation Authority (PRA) and the Financial Conduct Authority (FCA) is proof of the relevance of the internal audit profession, and indeed, the institute. We are continuing to work with the FRC’s stakeholder advisory panel, we are starting a joint project with the PRA on the relationship of their supervisors with internal audit functions of regulated firms, and we participated in the FCA’s Transforming Culture conference earlier this year.
We have also strengthened our relationships with our European counterparts, which led to the publication late last year of a well-received research report, “Risk in Focus”, highlighting the risks being prioritised by heads of internal audit. The risk most commonly identified by heads of internal audit of all nationalities and sectors is cyber security. This is unsurprising given the scale of the threat and the extent to which all organisations have come to depend on technology. This was followed by risks around compliance with the EU’s General Data Protection Regulations (GDPR) and the broader challenge of managing data. The pace of innovation was the third most widely cited risk concern.
All this work supports an increasingly strong profession, backed by an increasingly responsive institute. Our strong links with our members, the business community and regulators ensure that internal audit remains pivotal to organisational success.
One way we are recognising these successes is through our annual Audit & Risk Awards, which last year introduced the category of Best Use of Technology. Through these awards, the institute is seeking to recognise the best, and to encourage excellence, throughout the profession.
The groundwork we complete this year will ensure we can engage more effectively with our growing membership base. For example, we have developed new member communities, such as the Aspire group for internal auditors still at early stages in their careers, and Audit Leaders for heads of audit and their teams.
The Aspire community facilitates and empowers the next generation of internal auditors and provides networking and development opportunities for those starting out in their careers. Our renewed Audit Leaders service provides information, best-practice and guidance for heads of internal audit (HIAs), enabling them to understand complex and emerging risks by keeping up to date with technological, business and environmental trends.
We are continuing to focus on encouraging and supporting members to progress to Chartered Internal Auditor status and have seen an ongoing increase in the numbers of people taking the Chartered by Experience route. Interest in the Certified Internal Auditor (CIA) continued to be high in 2017/18 with 676 students taking the exams. In addition, IIA training ran 60 short skills courses on a range of topics. New courses included “IT auditing”, “Risk-based internal auditing” and “Improving audit efficiency”.
In the past year, the Chartered IIA has undertaken 25 external quality assessments (EQAs) and related assessments. As in the previous year, most organisations generally conformed to the International Standards. To keep delivering excellence, we have written more technical guidance and this remains a popular source of knowledge for our members, attracting on average 36,600 site visits per month and making it the most popular section of our website.
The introduction of the Apprenticeship Levy means that many UK businesses now have a pot of money solely for apprenticeships. To tap into this and to grow the profession, the Chartered IIA brought together a “trailblazer group” of employers at the start of 2017 to lead the creation of an internal audit apprenticeship programme. There are two apprenticeships being developed: internal audit practitioner and internal audit professional. To ensure they are developed with the support of the profession, we conducted a consultation to get views from all sectors and from organisations of all sizes. Both apprenticeships have been approved and will be launched this month.
During the summer and autumn of last year, we surveyed over 200 of our public sector members, asking them to share their career history with us to ascertain a better understanding of their professional journeys and the issues facing public sector internal audit in a challenging market. The research highlighted what future internal auditors can expect from a career in internal audit and the skills needed to be successful.
Another significant policy output was our report “Data Analytics: Is it time to take the first step?”. The case studies featured in this report provide valuable lessons for those considering using data analytics in internal audit methodologies.
This year we achieved our ambition to increase delegate attendance at our annual conference in London with over 450 attending. We hope to welcome even more delegates to our conference in November. We also had record-breaking attendance at our Irish, Scottish, Financial Services and Leaders’ conferences.
We are determined to grow a greater sense of professionalism in internal audit, whether by harnessing new talent through our apprenticeship scheme, developing existing talent through professional development or benefiting from the knowledge of experienced internal auditors.
The institute is here to guide and support the profession at a time when expectations of internal audit have never been higher, and we will continue to work to ensure that audit fulfils its potential and is acknowledged for the important role it plays in restoring public trust in organisations.
This article was first published in September 2018.