they are evolving. They must become knowledgeable about the complex issues af-
fecting their company operations. They have to identify risks that business managers
might not be aware of.
The internal auditor has moved from being a policeman or an indicator of what is
going wrong in an organization to being a member of the management team, which
ensures that the organization continues to grow and prosper. In order for the internal
audit function to generate benefit to the corporation, auditors have to help managers
assess risk and provide practical solutions to minimize those risks. Auditors can no
longer point out the problem and walk away from the solution. They have become
part of the solution.
If the internal auditor’s role changes to that of participating on the management
team, what does that imply about the perception of the function and its role in the or-
ganization by stakeholders? Internal auditors still have to assume a role that ensures
they are not part of the business and that they are independent. Yes, they will be in-
volved in making suggestions on managing the business and they will have to take re-
sponsibility for bad advice. This role should not interfere with their independence but
puts them in the position of being consultants to management in areas where they have
exceptional expertise. They will still have the responsibility for bringing bad news
even when operations management disagrees. Internal auditors will need to embrace
a code of conduct and ethical standards to help them in deciding what steps to take in
their dual capacity of both reporting on and advising to operations management.
At the same time, the profession must continue to grow. The requirements of in-
ternal auditing will continue to be refined and defined on a global basis. Certification
may become essential to fulfillment of the internal audit function.
The internal auditor, having reached a higher level of compensation and recogni-
tion in a corporation, must realize that with rewards there are risks. If the internal au-
ditors do not perform, not only can they be fired but also they may eventually be sued
by managers, the boards of directors, or regulators. If the internal auditor truly wants
to be an adviser just as the chief financial officer is, he or she must perform at a high
level and continue to grow with the corporation.
The good news is that the internal auditor has moved into a senior financial man-
agement position. The work internal auditors perform has been recognized as critical
to the success of companies for which they work. Their insight into the risk manage-
ment process is important, and their advice is sought after. The internal auditor is no
longer a detective, a necessary evil to prevent fraud. Rather, the internal auditor is a
trusted adviser who takes a proactive approach to risk management that progressive
managers have learned to need and benefit from.
It is clear that to deliver value internal auditors’ capabilities and resources must be
aligned with stakeholder value expectations. The adoption of best practices on a
global basis is particularly critical where the corporate organization is operating on a
multinational basis, be it centralized or decentralized, in order to ensure proper risk
assessment and effective control by top management.
SOURCES AND SUGGESTED REFERENCES
Flescher, D. L. The IIA: 50 Years of Progress Through Sharing. Institute of Internal Auditors,
- “Internal Audit Checklist.” Journal of Accounting, 1997, p. 91.
Internal Auditor—50th Anniversary. Institute of Internal Auditors, June 1991, pp. 1–148.
SOURCES AND SUGGESTED REFERENCES 32 • 15