Tuesday, March 27, 2012

IIA General Audit Management - highlights / action plans

Along with more than 1,200 other audit and compliance professionals, I had the pleasure of attending IIA's General Audit Management (GAM) conference last week in Orlando. The GAM Conference is the marquis training and networking event for Internal Audit executives, and as such provides excellent opportunities to interact with industry colleagues and understand the issues that are on the top of their lists for action.

Personally, I look for themes and even short sound bites from conferences such as this. Sequentially, the first memorable sound bite was Sunday evening, when IIA CEO Richard Chambers reported the results of the IIA's "Pulse of the Profession Survey." Richard reported that the two most sought after skills among Fortune 500 internal auditors are: (1) critical/analytic thinking, and (2) data mining and analytics. Being a firm that focuses on audit data analytics, that fits our sweet spot very, very well. Importantly too, his point was not only about the sought-after technical skill. Yes, knowing "how do I answer the question" is important, but also knowing "what is the right question" is critical. Asking the right question is the responsibility of audit and executive management, and is not purely a technical skill.

The second sound bite was from the same session Sunday, when Richard reported that 89% of audit executives are "definitely not getting the most from existing audit technology investments." Scary, but perhaps not surprising. Yes internal audit software vendors bring knowledge of how their tools work, but how well do they understand internal auditing? Have you been satisfied with the amount of industry knowledge and/or business acumen that your software vendor's implementation team has brought to your most recent project? Why or why not?

Finally, my favorite sound bite came from Audit Committee Chair Jim Brady during a panel on Tuesday morning on the relationship between Audit Executives and the Audit Committee. When asked "what keeps him up at night," Brady replied unequivocally that it was "Cybersecurity and Emerging IT Risks". This resonated with me because like audit data analytics, understanding Cybersecurity and Emerging IT Risks are not an "IT Audit job," but rather everyone's job.

What were your personal highlights from IIA's GAM Conference? Any sound bites more memorable than these. Plus please stay tuned for future posts on the importance of understanding Cloud Computing, Mobile Computing, and other Emerging IT Risks that we believe all internal audit professionals need to be more aware of.


Joe Oringel
Visual Risk IQ
Charlotte NC, USA