ERNL

I had the pleasure of attending the ECIIA conference 2022 – Internal Audit in a world of transitions held at the begining of October, in Brussels.

Around 625 participants from about 50 countries, and so many interesting topics and inspiring speakers present on stage.

It was my first big conference after pandemic, and although I felt a bit anxious about being around so many people, I was also excited about the opportunity of connecting again with other internal auditors across Europe, and of being a speaker  (wow! 🙂 ) at this conference.

The conference covered many current hot topics for IA, from the Future of Business to Operational Resilience, to the Impact of DORA (Digital Operational Resilience Act) on IA, experts talk on anti-corruption, anti-fraud, the importance of the collaboration between the 3 lines, and of the collaboration between internal and external audit, as well as the new risks in focus for 2023.

The impact of ESG risk management and the importance of radical reporting have also been discussed, as well as the geopolitical risks and how IA can assist the organization.

Cyber-resilience and the role of the IT Auditor have not been forgotten either, as an important aspect of an automation era.

Many of us wondered what the future of Internal Audit will be, and we learned that Gardener of Governance is a possible good label for us, as with the growing regulations is also growing our involvement in ensuring organizations do business in a sustainable way, and they take ESG serious.

Internal Audit continues to play an important role in:

  • Supporting external audit in providing reasonable assurance over the financial report, and not only on financial related matters (e.g., as sustainability is also emerging)
  • Providing independent assurance to the board that the relevant risks are adequately managed in line with the risk appetite and internal controls are effective
  • Providing independent assurance that the organization complies with the adequate legislation.
  • Advising the various stakeholders on best practices and scanning the horizons for upcoming risks.

The list above is not exhaustive, and the overall sentiment was that the role of Internal Audit is becoming wider, as organizations are faced with more challenges. There is also a sense that some internal auditors would like more clarity on the boundaries of their role, which might make it easier to perform their activities, while a few internal auditors might be happy to navigate the bleary boundaries, and craft their path within the organization, while still respecting IIA principles.

What was clear is that IA role is growing in scope, as organizations face more compliance demands and a fast-changing risk landscape, and this gives IA the opportunity to craft its role within the organization not only as an independent compliance assurer but also to grow its role as a trusted advisor.

In doing so, IA needs to enhance its collaboration with other functions, it can’t achieve its goals and deliver on its mission, in isolation but only working in collaboration with the other functions.

Collaboration, trust, and soft skills have been some of the top 3 words used when talking about the IA function of the future/present.

One of the questions raised during the conference was: what’s the role of the future internal auditor and what skills should him/her have?

What is sure is that in the world of automation, the repetitive and predictable internal audit tasks will get more and more automated, with the possibility that in a couple of years even the results of data analytics will be interpreted by machine learning/AI.

So, what skills does the IA of the future need?

The short answer is that internal auditors will need a variety of skills, and off course not every internal auditor needs all the skills, specialization will be highly recommended and required. However, there seems to have been one common and constant agreement between all speakers, and that is that technical skills are not enough anymore to elevate the impact of internal audit.

Human and Social skills (soft skills) are very important, and a must have/develop to be an Internal Auditor.

For Internal Audit to make a real difference it is required to work in close collaboration with many other functions: 1 and 2 lines, operations, strategy, legal, etc.

The other question asked was how can IA build trust and effective collaboration with the other functions?

What soft skills should an Internal Auditor have:

  • Active listening
  • Critical thinking
  • Ability to connect the dots, zoom in and zoom out (big picture and detail)
  • Empathy
  • Collaboration
  • Honesty
  • Open communication
  • Think outside of the box, or make the box bigger 😊
  • Be imaginative …. I leave it for debate how internal auditors could be more imaginative, I for sure believe there is space for more imagination and creativity in creating impact.


How can an Internal Audit function build Trust?

  1. Define IA function values (e.g., honesty, no surprise, open collaboration, fair challenge, etc.), share them with the rest of the organization and make sure you stand by them.
  2. Create IA statement aligned to organization strategy (how is IA role linked into supporting the organization deliver its purpose/mission), connect your internal auditors’ activities and roles to the bigger picture.
  3. Create an internal culture of support, where individuals’ diversity and unique skills are a source of co-creating results
  4. Engage with other function outside audit circle (create opportunities to engage with stakeholders in various way outside of the audit circle)
  5. Have a policy of no bad surprises, discuss issues as they arise
  6. Be courageous to share initial issues, be clear when they are not final, and more evidence is to be collected
  7. Be patient before we draw final conclusions, think, analyze, reflect, investigate the root cause.
  8. Be curious about what happens in the organization, challenges, success
  9. Listen to others’ challenges, success, ideas and be there to share what goes well.
  10. Brainstorm when needed to find solutions to current issues
  11. Connect the dots, the risks, the opportunities.


I personally see Internal Audit as the monitoring system of a car, you want the monitoring system to be well connected to all vital functions of the car, be up to date, and to give the driver timely warning in case anything does not work well.

These were some of my take aways from the ECIIA 2022 conference.

Curiosity. Learn. Question. Understand. Listen. Listen again and better. Collaborate. Challenge. Advice. Imagine.