Internal auditors must keep pace with demands for transparency
Congress enacted the Sarbanes-Oxley Act in July 2002 to protect investors from the fraudulent reporting that was at the core of high-profile financial scandals in the early 2000s involving companies such as Enron, Tyco International, and WorldCom. SOX mandated strict reforms of securities regulations and imposed tough penalties on lawbreakers.
All publicly traded companies (and some private companies) were required to implement and report internal accounting controls to the Securities and Exchange Commission beginning in 2006. Executives who signed off on inaccurate data could face fines up to $5 million and 20 years in jail.
Under SOX, internal auditors’ roles became more important than ever. Internal auditors had traditionally worked in more quiet roles that involved responding to risks and suggesting changes. But with SOX, they needed to provide more insight into their audits, identify risks sooner, and update management if immediate action was necessary. Internal audit teams were forced to adapt or get left behind, with potential for costly penalties for those who chose the latter.
SOX has fundamentally changed the roles of internal audit teams by adding a sense of urgency across departments that were accustomed to fixing problems instead of identifying them. With recent talk from the SEC to limit SOX reporting requirements to only the largest public companies, many internal audit teams at smaller companies may feel less urgency to adapt their thinking and audit technologies to meet changing regulations.
Delaying implementation of any solution or service that is able to assist with regulatory compliance is potentially disastrous. Regardless of regulatory changes, financial transformation is happening across organizations, and they still need to rely on new technologies to streamline financial controls and reporting.
With expanded requirements for SEC reporting with the Inline XBRL format and improved digital data accessibility, internal audit teams need to keep pace with growing demands for financial transparency. This means internal auditors need to become agile business advisors who leverage technology to help their teams gain insight into the effectiveness of risk management across their organization.
Focus on critical thinking
A report from the IIA Research Foundation showed that critical thinking is the most sought-after skill by internal audit hiring managers. It’s important to not only make educated judgments, but to question personal biases and perspectives to reach the most accurate conclusions.
Critical thinking and reporting are how auditors can inspire confidence, both in their team and executives. Auditors can’t have a positive reputation in such a carefully scrutinized field unless they provide stakeholders with the information they need to make well-informed decisions.
Internal auditors must always look back at historical data to analyze what went wrong. But if auditors only look back, they’re missing part of their value. Forward-thinking auditors are able to provide management with real-time information and help them take real-time action. However, being able to provide real-time information requires a re-evaluation of technology and processes.
Upgrade your spreadsheets
Many internal audit departments are still using outdated audit technology. New software with capabilities for continuous auditing, real-time collaboration and automated approvals can propel teams forward.
Understanding and embracing technology is the key to improving the value of internal audit teams. By leveraging technology that automates the manual tasks that sap time and resources from teams, internal auditors have more time to provide the proactive, value-added insights that executives need today.
Internal auditors have been compared to private investigators — snooping around and looking for misdeeds. But that comparison is unjust. There’s real, bottom-line value to the work auditors do, and quantifying that to stakeholders is much easier if auditors have modern-day technology.
The internal auditor of tomorrow needs to be a strategic business partner, who not only identifies problems but also provides predictive analysis that will allow organizations to meet issues head on.