As the business world changes at an accelerating rate, auditors need to keep up or risk becoming irrelevant and ultimately unable to provide the insight that will allow their organizations to succeed. That means they’ll need to continually add to their skills and knowledge. Ongoing, quality training focused on several key areas – including technology, communication, creativity, soft skills, and ethics – is a key component to providing value to the business.
“To stay relevant, we need to remain educated on changes in business in general and in audit processes,” says Gretchen Sutcliffe, director of internal audit with National Grid, a global natural gas and electric company. “Training is so important.”
This is true for auditors at all levels. Newer auditors gain technical knowledge they can apply on their jobs, Sutcliffe says. More experienced internal auditors tend to find greater value in exposure to new ideas and innovations.
Several trends are converging to make regular training essential for internal auditors. One is the rapid pace of change in the business world, driven in part by advancing technology, such as blockchain. Indeed, about 30% of respondents to Deloitte’s Global Blockchain survey said they expect their organizations to deploy a blockchain application within the next 12 months.
Ongoing changes in legislation and regulations also generate changes that impact auditors. According to a 2016 report from the Congressional Research Service, the Federal Register publishes between 2,500 and 4,500 new rules each year. Most industries will be impacted by at least some of the new rules.
The increasingly cross-border operations of many companies also make ongoing training more critical. As more organizations compete in ever-expanding numbers of countries, internal auditors “have to get up to speed on a wider range of compliance issues,” says Phil Benvenuti, director, internal audit with Pegasystems Inc. One example is the General Data Protection Regulation (GDPR) in the European Union (EU), he adds. The GDPR applies to organizations that process and hold the personal data of EU residents, whether the organizations themselves are located within or outside the EU.
“It used to be that when I went to training several years in a row, not much would change from one year to the next,” Benvenuti says. “Now, things change more quickly.” Training can help auditors keep up.
While auditing requires strong technical knowledge, critical thinking, communication, and other softer skills are in demand. Critical thinking skills topped the list of most desirable traits for more than 53% of respondents to our 2018 Internal Audit Priorities Report. Close behind, at about 49%, were verbal and presentation skills.
Why this emphasis? Internal auditors often have to ask their colleagues to go above and beyond their day jobs to accommodate the audit process, Sutcliffe notes. Once an audit is complete, they may have to convey bad news. In either case, internal auditors have to get the business units on their side.
Although it may not be apparent at first glance, internal audit training also should address creativity, says Glenn Sumners, director of the Center for Internal Auditing at Louisiana State University. He believes that for auditors to provide the insight that can help their organizations succeed, they need to look at things in new ways.
“Creativity is a discipline within itself,” he says.
This fall, Sumners will begin working with students on different methods to enhance creativity. One is the six-hat approach, which emphasizes focusing on one aspect of a problem at a time, to come up with workable solutions. One “hat” centers around the information the group already has, and the information it still needs. Another pertains to risks, or why a proposed idea might not work. Each discussion must stay within the “hat” before moving to the next facet of the problem or solution, Sumners says.
Without this discipline, groups tend to change focus too frequently and fail to follow up on new ideas that could prove successful, if given more attention.
“We want to see if we can assist people in becoming more creative, especially when they’re working in teams or group,” Sumners says.
Technical skills or expertise, and the training that can provide them, also remain essential. Nearly two-thirds of respondents to our 2018 report said internal auditors should have IT audit skills. One reason is the changing cyber threat landscape, Benvenuti says.
And unlike a decade or two ago, few companies have audit staffs dedicated specifically to cybersecurity. In part, that’s a result of the blurring between IT and non-IT controls. “We are continuing to see the integration of the traditional IT auditor and internal auditor,” says Joseph Mauriello, director, Center for Internal Auditing Excellence at the University of Texas, Dallas. This trend will continue, given ongoing developments in technologies like blockchain and robotics across industries and businesses, he adds. “I would recommend that auditors begin to develop an understanding of these key trends,” he says. Another area that will be critical moving forward is training that helps internal auditors effectively use tools like data analytics and artificial intelligence. “The goal is to review broader amounts of data or to analyze entire sets of data, rather than sampling,” says Denise Harris, general auditor for talent strategy with Bank of America.
Ethics and integrity have always been foundations of the internal audit profession. Yet as organizations today are scrutinized more closely, ethical slip-ups can dominate headlines. Slightly more than half — 57% - of organizations responding to a 2018 survey, Creating a Strong Culture Begins with Managing Fraud Risk, by Utica College and Protiviti, say they conduct ethics and fraud risk awareness training. While that’s a solid start, the organizations that don’t offer ethics training can undermine their own performance. As more companies operate across multiple countries and cultures, ethical decisions become less clear-cut, Benvenuti says. Training can arm auditors with information on different ethical models, aiding their evaluation of different decisions, he adds. And as the survey notes, authorities conducting a fraud investigation may question an organization’s commitment to building a healthy corporate culture if it doesn’t provide regular training on ethics and fraud. By offering ethics training, organizations are helping to “set the tone from the top,” says Keith Kawashima, managing director with Protiviti.
Both digital and in-person courses can be part of effective training programs. In-person training, of course, allows participants to ask questions and get immediate feedback. The networking available at in-person training often is just as compelling as the technical knowledge participants gain, Benvenuti says. “You leave with two to three contacts who become more than just links on LinkedIn.” They’re colleagues with whom internal auditors can exchange ideas and solve problems. Online or other web-based training, in contrast, allow for delivering quality training to geographically dispersed audiences. It’s also great for providing an overview on a subject. Protiviti, for instance, offers its employees web-based training focused on the digital changes underway within many organizations. While not a “deep dive,” it helps auditors know what questions to ask and when to involve a subject matter expert in a discussion or audit, Kawashima says. Whether the training is online or in-person, it’s the first step in an internal auditor’s development. “Training provides the fundamentals,” Sutcliffe says. “Then auditors have to apply it. That’s where the key is.”