This paper examines the growing importance of internal auditing in the post-Enron business environment, drawing on both secondary research and a firsthand interview with a practicing internal auditor at a privately held mid-sized company. It covers how corporate fraud scandals and the Sarbanes-Oxley Act of 2002 transformed the internal audit function, the expanding demand for qualified auditors, compensation benchmarks, and the value of the Certified Internal Auditor (CIA) designation. The paper also explores the skill sets modern organizations seek when hiring internal auditors and the professional organizations and resources that support the field.
This study guide is drawn from PaperDue's library of 130,000+ paper examples across 47 subjects.
Over the past two decades, a number of changes took place that greatly altered the business world. Some of these were external, such as ever-increasing globalization, growing competition, and fast-paced technological innovations. However, some of the changes were internal as well. At the beginning of the millennium, huge cases of company fraud rocked the structures of many organizations. As a result, the entire auditing field was put on trial.
Enron and similar financial disasters made many companies think carefully about how to enhance their own internal audit functions. Organizations clearly realized they had to be more careful about aggressive or risk-taking accounting techniques and be mindful of the pressures to meet earnings estimates. They could not ignore risk management issues and had to follow up on audit findings once issued in order to determine the strength of financial controls. The bottom line: internal auditing needed to meet stringent quality assurance goals, just as any other company product or service does.
Although the role of internal auditor dates back to the 1940s, it has now taken on much greater meaning. What many considered an unremarkable position about a decade ago has become one of the most important aspects of a successful organization.
In order to find out more about this position in present times, the author interviewed the internal auditor of a local mid-sized family-owned business. Despite the fact that most financial concerns have been associated with publicly owned corporations, studies show that even smaller privately owned companies are at risk. Wells (2004) concluded that "small businesses remain the most vulnerable to occupational fraud because of three factors: They are the least likely to have an audit, a hotline, or adequate internal controls." Passage of the Sarbanes-Oxley (SOX) Act of 2002 raised the profile of internal audit staff at both publicly and privately held companies. Privately held mid-sized companies are thus adopting some of the SOX principles and turning to their present internal audit staff for help, or hiring new personnel to meet changing and growing needs.
Dalton and Dalton (2005) add that even a private firm not subject to SOX oversight — one operating in a state without parallel legislation and not subject to other regulatory guidelines — has a host of reasons to be SOX-compliant:
The company in this case study is farsighted in that it recognizes the value of prevention. Management also realized that if the company ever wanted to go public or acquire a public company, it would be accountable under legislation. Instead of relying solely on external auditors, the company decided to expand its internal audit department. It hired its current internal auditor a couple of years ago after an extensive search to find the right individual for the new position. A cross-functional search committee — including the human resources director and the CFO — was assembled to gather varied input. The search went beyond traditional qualifications normally required for internal auditors. For example, the company wanted someone who was just as comfortable in front of the desk talking with people as behind the desk crunching numbers. (Communication skills are becoming very important for internal auditors; see Smith, 2005.) The company also desired an individual who could think outside the box to evaluate and, if necessary, alter the status quo in auditing processes.
In addition, the company wanted a person who felt comfortable being part of a business team and who could communicate the goals of the department — making it seem less intimidating and more transparent to everyone involved. From a skills standpoint, the company sought an accountant or MBA with the Certified Internal Auditor (CIA) designation and three to five years of experience with another company in a management role. Equally important was a person who held a high level of professional and personal ethics.
This expanded role of the internal auditor presents a host of challenges for many corporate human resource departments. They must hire auditors who will take on new responsibilities and leadership roles, which require different types of skill sets that many internal auditors do not yet have.
The auditor interviewed for this paper holds a bachelor's degree in Accounting. During college, he completed a summer internship at an accounting firm in the auditing department and decided to pursue the field. He subsequently worked with another privately owned company for about five years, reporting to the internal audit manager. That organization was small enough that he was involved with most aspects of the internal control systems, including co-leading a newly formed committee in the midst of developing an international audit system. After nearly three years of experience in his internal audit role, he pursued the CIA certificate to advance his career. He also enrolled in an MBA program. His long-term goal was to be part of a team leading a progressive global organization.
He was excited about his present job from the initial recruiter call, primarily because of the reason he entered the accounting field — to play an important role in a competitive business environment. In college, he recognized the growing need for internal auditors: he knew auditors would increasingly be in demand as businesses became more complex. Even though individuals in this role once stayed in the background and out of sight, he understood that would no longer be the case. The corporate scandals confirmed his view.
His present position has lived up to his expectations. It gives him the opportunity to work with all areas of the company, including senior management. He enjoys being creative, multitasking, and playing detective when developing new auditing approaches. He is also pleased that the company's mission statement stresses ethical behavior. He was disappointed by the fraud that occurred at large U.S. corporations, viewing it as a blemish on America's international standing and as unnecessary greed on the part of already well-resourced organizations.
One of his first responsibilities at the company was to audit the auditing process itself — stepping back from the big picture to identify what the company had and had not been doing correctly in recent years. Questions that needed answering included: Are the right procedures in place for the necessary work to occur? Are the right messages being sent throughout the organization? Do those messages coincide with the company's culture? He worked as a team member not only on establishing the audit procedure but on other company planning as well — in addition to the more traditional, detailed work of internal auditing.
As with any position, challenges arose. Whenever someone new joins a company, some colleagues welcome that person enthusiastically while others do not, for a variety of reasons. A couple of managers did not see the need for bringing on another senior management person — especially one so young. Some employees were also concerned about what an enhanced internal audit department might mean for their futures. However, the auditor noted the crucial backing he received from the CEO and CFO from the very beginning, which was essential to his ability to move forward.
The auditor's prediction about the growing need for internal auditors proved accurate. According to the U.S. Department of Labor's Occupational Outlook Handbook, employment of accountants and auditors was expected to increase faster than all other occupations through the year 2014. The growth in the number of businesses, changing financial laws and legislation, and increased scrutiny of company finances were all expected to fuel that growth. Similarly, the expanding global economy was projected to lead to an increase in business ventures requiring more auditors for security, analysis, and management support. The amount and complexity of information managed by auditors — covering expenses, earnings, and taxes — would also increase. The ongoing growth of global organizations was creating greater demand for auditing expertise in international law and trade, as well as international mergers and acquisitions.
Following Enron and other financial scandals, Congress passed laws to curtail organizational accounting fraud. This legislation requires public companies to maintain established internal controls to guarantee the accuracy and reliability of financial reporting and analysis. Although private companies are not subject to the same legislation, they must be equally vigilant about financial crimes such as embezzlement, theft, and securities fraud. Computer and Internet technology is making such crimes easier to commit, and their frequency is rising.
Over half of the 400 respondents to PricewaterhouseCoopers' second annual "State of the Internal Audit Profession" 2006 survey said Sarbanes-Oxley led to an increase in internal audit resources. Thirty-five percent of those surveyed said they had expanded their personnel by 25% or more after the legislation was passed. However, simultaneously, 32% were actively trying to fill auditor positions that had been vacant for more than six months — the same proportion as in 2005.
"In today's operating environment, the demand for internal audit resources has increased much faster than internal audit capacity — a situation that raises serious concerns about the ability of internal audit groups to address higher-level risks facing their organizations," said the PricewaterhouseCoopers report.
The report noted the growing need for audit professionals with the ability to "evaluate and test internal controls, audit complex areas, address enterprise-wide risk and governance issues, and provide insight into the adequacy of financial controls." The study also found that half of the organizations surveyed were then using continuous auditing techniques, an increase from 35% in 2005. Another 31% planned to implement continuous auditing in the future. "This may be the beginning of a significant change in the way internal auditing has traditionally been done," said Dick Anderson, a partner in PricewaterhouseCoopers Advisory.
The following salary ranges represent approximate compensation levels for internal auditors in the United States at the time of this writing:
Internal Auditor I: Low — $36,589 | Median — $42,166 | High — $48,275
Requires a bachelor's degree; little independent judgment required; 0–2 years of experience.
Internal Auditor III: Low — $54,097 | Median — $63,007 | High — $72,764
Requires a bachelor's degree; wide degree of creativity and latitude expected; several years of experience.
Although the Certified Internal Auditor (CIA) designation awarded by the Institute of Internal Auditors (IIA) is not mandatory for internal auditors, a growing number of companies seek CIA candidates exclusively. Betty McPhilimy, the 2004–05 chairman of the board for the IIA, stated in a 2004 interview with the CPA Journal: "The CIA is the premier global certification for internal auditing — a crown jewel that we strenuously protect to make sure that it continues to reflect the appropriate priorities for internal auditors."
"PwC survey data on audit expansion and capacity gaps"
"Salary benchmarks and CIA credential requirements"
"IIA and key resources for internal audit professionals"
Always verify citation format against your institution’s current style guide requirements.