Skip to Content

Mind of Jacka: More 'Standardy' Goodness

Blogs Mike Jacka, CIA, CPA, CPCU, CLU May 10, 2023

In my last blog post, Mind of Jacka: Objectivity and Independence, I talked about the proposed changes to the International Professional Practices Framework (IPPF) or, as it’s now being called, the Global Internal Audit Standards. There are discussions going on regarding many aspects of the new Standards, and I need to tread carefully lest I inadvertently put my head on any particular chopping block by taking any particular stand. However, there are three things going on in the new Standards that I really like. And, recognizing that even a pinky might get chopped off by sticking my toe into these waters, allow me to elaborate.

Continuing Professional Development

Let’s start with a question. How important is training to everyone within your department? Do you take it seriously? Or are you merely a flag-waver on the training band wagon who knows full well that you’ll be jumping off the minute money and time disappear?

When I worked at Farmers Insurance (years ago, and I’m sure things are now different) our annual plan always included 20 to 40 hours set aside for each staff member’s training. And, come year-end, it was seldom used. Good intentions paving a road to undeveloped hell. And I am willing to tell this story because I have seen the same thing occur in many, many, many other internal audit departments. They start the year with time set aside for training. And, as time and tide and budgets take their toll, training drops by the wayside.

What does this say about what you really think about training? “Gee, it’s a great idea, and it’s important to us, but, unfortunately, we ran out of time and money.” Running out of time and money is another way of saying “Training isn’t a priority.”

The new Standards would seem to reflect a similar concern. Under Domain II – Ethics and Professionalism – is Principle 3: Demonstrate Competency. “Internal auditors apply the knowledge, skills, and abilities to fulfill their roles and responsibilities successfully.”

Okay, nothing particularly new in this; competency has always been a part of the Standards in one way or another. However, the kicker comes with Standard 3.2: Continuing Professional Development. (And don’t get too wrapped up in all this Domain/Principle/Standard stuff. It is a hierarchy that is part of the Standards. If you’ve read through them, then you already know how it all falls together. If not, then take a read.)

“Internal auditors must maintain and continuously develop their competencies to improve the effectiveness and quality of internal audit services. Internal auditors must enhance their knowledge, skills, and abilities by completing at least 20 hours of continuing professional education annually.”

No ifs, ands, or buts about that one. If the department wants to be in compliance, every internal auditor must (must, not should) have at least 20 hours of training annually.

Amen #1.

Vision

One time I was providing training for an internal audit department and asked if they had a mission or vision statement. They all replied in the affirmative. I asked them what it was. The entire group of 30 people became deathly still. No pins dropped. No crickets chirped. No creatures stirred, not even a mouse. The only thing I heard was the sound of steam coming from the CAE’s ears. Seems she had gone over it with them the day before. One day later, and no one could quote it.

I didn’t blame them. Take a look at your own mission or vision statement. I am guessing it is a word salad of phrases and concepts from the IPPF’s definition, mission, and core principles of internal audit; a dash of the code of ethics; and a soupcon of well-placed nuggets from your organization’s vision, mission, and objectives. And I’ll wager that, as you finish reading it, you’ve already forgotten how it all began.

Show of hands: How many of you even know if your department has a vision/mission statement? Show of hands: How many of you can quote it without looking it up. Show of hands: How many of you have a statement that is less than 45 words long? (Not an arbitrary number. That is how long the definition of internal audit is in the IPPF. And I defy anyone to quote that particular definition without looking it up.)

And therein lies so much of the problem. Statements that are too long. Statements that no one can remember. And statements that are never shared with those working in the department (let alone with the clients.)

How is anyone supposed to understand why they are doing what they are doing if there is not an overriding vision/mission/direction — one that they know, can articulate, and can put in practice?

The new Standards include “vision” as a part of Standard 9.2: Internal Audit Strategy:

“The internal audit strategy must include a vision, strategic objectives, and supporting initiatives for the internal audit function.”

And that doesn’t end it; there are supporting considerations for implementation:

“The vision describes the desired future state — in the next three to five years, for example — of the internal audit function and provides direction to help the function fulfill its mandate. The vision is also designed to inspire and motivate internal auditors and the function to continuously improve.”

That is a pretty good articulation of what a vision statement should achieve, particularly one designed for the internal audit department.

Also note that the rather lengthy definition of internal audit that was proudly displayed as the third major section of the IPPF, while still in the new Standards, has been relegated where it belongs — in the glossary that contains all definitions. Not eliminated; just moved. On the other hand, the purpose (a succinct, valuable, albeit argumentative statement) is the header for the very first domain.

Ultimately, take a lesson from what has been done here and pare down your vision/mission statement to the basics — an elevator pitch if you will. And most importantly, if you don’t have one, get one. So the Standards would decree.

Amen #2

And what, you may ask, is Amen #3?

I’m sorry, but you’ll have to wait until next time for that. Let me just say that I believe this change to be one of the most important in the entire document — a change that brings to light a necessary but unappreciated aspect of our careers as internal auditors.

Mike Jacka, CIA, CPA, CPCU, CLU

Mike Jacka is co-founder and chief creative pilot of Flying Pig Audit, Consulting, and Training Services (FPACTS), based in Phoenix.