Bruce Turner – Future of Internal Audit – Howard Wiener Interviewer

Interview by Howard Wiener of Bruce Turner (first posted on CERM ® RISK INSIGHTS – reposted here with permission)

Bruce is an active company director and audit committee chair. He is a well-respected transformational leader with deep and broad professional governance, risk, compliance and audit experience. He was appointed a Member of the Order of Australia (AM) in the Queen’s Birthday Honours of 2015 in recognition of his significant service to public administration through governance and risk management practices, and to the profession of internal auditing.

He was a contributing author for Sawyer’s Internal Auditing seventh edition published in 2019, and his book New Auditor’s Guide to Internal Auditing was published the same year. He had two books published in 2020, Team Leader’s Guide to Internal Audit Leadership and Powering Audit Committee Outcomes. His latest book – coming out in 2021 – is Rising from the Mailroom to the Boardroom – 101 Building Blocks for Professional Career Development.

In a future article, Bruce will respond to some questions about the Forces of Change that we identified.  His thoughtful responses brought some additional questions to mind, which we posed to him.

1. It appears that the roles of Auditing, Risk Management and maybe some other areas are merging.  You mentioned that technology would displace internal staff, with which I agree.  Do you see whole disciplines and departments being reformulated?

In some organizations these roles are collaborating more which is important as there is a natural synergy … though the areas do not necessarily need to formally merge to do so. Where the areas do merge and the chief audit executive has broader remit than just internal auditing, then there are provisions within professional internal auditing standards that need to be observed. As the responsibilities of audit and risk committees continue to evolve (and broaden) then they will continue to challenge governance, risk, compliance and audit functions (and others that report to them) to collaborate effectively either through organizational design or professional cooperation.

• In an article I wrote recently, I envisioned increasingly powerful computing capability and AI-driven screening taking over the preponderance of audit tasks by passing all transactions through the screening process rather than relying on after-the-fact statistical sampling of only some of them.  Is this reasonable?

Yes, it is reasonable in organizations that have a strong digital platform. However, there are some global regions where this will be quite some years off. Where internal auditors do have the opportunity to leverage powerful computing capability I would rather see this being used to enhance the value proposition of internal audit (i.e. to help internal auditors boost their value and productivity, without the need to slash internal audit resourcing per se).

• If so, do you see Auditing migrating into the realm of the COO?  Do you see it acquiring more of a process design role than it currently has?

For most contemporary internal audit functions, a high proportion of audits cover areas that are typically under the control of the COO. So, I think it is unlikely and inappropriate for the internal audit function to report to the COO or someone under their control. The main reason is that the independence and objectivity of internal audit could be compromised – actual, potential or perceived – and independence and objectivity are fundamental tenets of effective internal auditing.

The scope of the internal audit activity is outlined in the internal audit charter and continues to evolve in line with changes in the broader business environment. Process design is certainly an area where internal audit can add value; in fact, when I was the chief audit executive at a rail organization about twenty years ago I had a multi-disciplinary internal audit team and this included a business process engineering expert. So, the concept is not new of itself. It remains one of the options in the auditor’s toolbox.

• Is a move toward blockchain and smart contracts going to have a significant impact on the Auditing function?

Any changes to financial transactions and the underlying financial instruments will have an impact on auditing, though this is likely to be more challenging for the external auditors. The audit plan for internal auditors is now much broader than the organization’s financial stewardship – which often represents a relatively small proportion of the overall internal audit work nowadays – so will have a lesser impact on the internal auditing function.

Five Key Takeaways

1. Internal auditors need to be mindful of the expectations on business leaders to deliver value to customers, invest in employees, deal fairly and ethically with suppliers, support their communities, and generate long-term value for shareholders.
2. Audit committees are increasingly talking about underlying forces that need special focus, such as the emergence of environmental, social and governance (ESG); supply chains; modern slavery; wage theft; loosening of red tape; sovereignty; globalization; and, quantum computers.
3. There are many new technological developments that will reshape the way businesses operate in the future through innovative methods, systems and devices, so data privacy and security will remain a primary concern for most people given the anticipated huge increase in the number of cyber-crimes and hackers, commensurate with the increase of internet usage.
4. Governance, risk management, compliance, assurance and audit professionals need to be innovative in what they do and how they do it to evolve from a hindsight perspective where they traditionally reported on the past, to delivering insights that help business managers now, and ultimately, they need to share foresight that helps business managers run the business in the future.
5. Lifelong learning will continue to be a prominent factor in how we develop, and how we constantly reinvent ourselves and the profession, with governance, risk, compliance and assurance professionals expected to embrace and champion emerging technologies and new ways of working.

Bio:

Bruce is an active company director and audit committee chair. He is a well-respected transformational leader with deep and broad professional governance, risk, compliance and audit experience. He was appointed a Member of the Order of Australia (AM) in the Queen’s Birthday Honours of 2015 in recognition of his significant service to public administration through governance and risk management practices, and to the profession of internal auditing.