On Feb. 10, 2009, I wrote my first blog, "Chief Audit Executives Beware: We Are Entering One of Those Eras Again!" My message then is as relevant today: Chief audit executives (CAEs) must be continuously attuned to the risks their organizations face and to their stakeholders' expectations for internal audit. I concluded that inaugural blog with a list of "10 signs that potential trouble may be brewing for the CAE:"
- You are executing an annual audit plan developed from a risk assessment conducted six months ago, and no new audits have been added in the past two months.
- You increasingly find yourself arguing with stakeholders about why internal auditing should not be addressing specific new or emerging risks.
- The audit committee is surfacing more new risks to you than you are to it.
- Audit committee members are citing best practices they have observed in other companies with increasing frequency.
- Your CEO, chief financial officer (CFO), or audit committee chair is citing internal audit thought leadership that you have not heard about.
- You are getting a lot of pressure from your stakeholders to undergo an external quality assessment. An external quality assessment is a great idea and mandated by The IIA's International Standards for the Professional Practice of Internal Auditing — but it should be your idea and not theirs.
- Your budget/staffing is being reduced, and you are not even being asked about the impact.
- You find yourself on the audit committee agenda with less and less frequency.
- You are getting fewer and fewer phone calls and emails from key stakeholders.
- You discover that one of your peers in the CFO organization has just joined The IIA.
Even though that first blog was written 12 years ago, the message and "10 signs" remain timeless. A year of COVID-19 reaffirms that. The good news is that internal audit has evolved over the past 12 years, and that our profession is far more risk-centric, stakeholder-attuned, and agile than we were at the end of the century's first decade. I certainly do not take any credit for that, but I believe The IIA has been a beacon, shining a light on a path forward for our profession.
This is my 500th and final blog post as IIA President and CEO. I could have never imagined when I began "Chambers on the Profession" just how popular this format would become, or how widely my blog would be read and cited. In recent years, annual readership has routinely topped 400,000, and the blog has been regularly translated into multiple languages.
This week also marks my last as IIA President and CEO. As I noted when I announced my intent to step down last July, my decision afforded The IIA's Board "the opportunity to secure new leadership with fresh ideas and perspectives at a critical time. The association industry in general, and The IIA in particular, will likely look very different in the post-COVID era, and new, strong leadership will be instrumental in executing bold, decisive, and agile strategies to address this new frontier."
While I have come to embrace the term retirement to describe the end of my IIA tenure, in no way do I intend to retire from this profession. Just as I formally retired as a U.S. government inspector general in 2001, this milestone will simply signal the end of an important chapter and the beginning of a new one that is yet to be written. But I pledge to continue writing and sharing my perspective, including via a new blog to be launched in April. I also plan to remain active by partnering with organizations whose missions include advancement of the internal audit profession worldwide.
As I prepare to turn out the office lights one last time, I can't help but reflect on all the changes the world and The IIA have been through since my first day on the job. I have seen four U.S. presidents and scores of other global leaders come and go. When I assumed this job, I purchased a new iPhone 3, but there was no such thing as an iPad, and 3G technology was state-of-the-art. Smart watches, commercially available drones, self-driving cars, 3D bio printing, and electric car charging stations were not yet full realities. The internal audit profession was focused extensively on financial reporting, cost reduction and containment, and risk management assurance. Risks related to cybersecurity, corporate culture, big data, and artificial intelligence were not on many of our radars.
During my IIA journey, I have overseen the launch of the Audit Executive Center, Public Services Audit Center, Financial Services Audit Center, and Environmental, Health & Safety Audit Center; the Certification in Risk Management Assurance and Qualification in Internal Audit Leadership; the Pulse of Internal Audit series; the American Corporate Governance Index and OnRisk series; and two Common Body of Knowledge studies. I have been privileged to author four books for the Internal Audit Foundation, including my most recent, Agents of Change: Internal Auditors in an Era of Disruption.
I also have traveled more than 1.4 million miles, visited more than 60 IIA affiliates, and addressed more than 100,000 internal audit professionals around the world. I have helped grow IIA to more than 200,000 members and more than 170,000 Certified Internal Auditors (CIA) worldwide. I remain immensely optimistic about the future of our profession. The IIA, this year celebrating its 80th anniversary, is unquestionably the world's leading voice, standard setter, certifying body, and principal educator for the internal audit profession.
I am eternally grateful to have been part of this incredible journey. I thank each of you for listening to my thoughts, for your comments, and for your forever-valued support.