| The core of every internal control system is the | | | | however, it is critical that education and training |
| integrity of its people, processes, and technologies. | | | | programs are implemented to improve the |
| There is little debate that the U.S. financial crisis, | | | | effectiveness of the internal audit function. These |
| caused by concurrent system failures, has had a | | | | programs will improve the capabilities of the |
| global economic and political impact. In the wake | | | | company's internal watchdogs to help identify and |
| of today's corporate scandals, bankruptcies, | | | | respond to risks that threaten the health and |
| media-frenzied bailouts, and the financial market | | | | vitality of the organization and its economic |
| meltdown, light is once again being shed on the | | | | ecosystem. |
| criticality of system risk and control over | | | | Although there are a variety of audit-related |
| processes and technologies. However, more | | | | certifications available, some are more notable |
| scrutiny is starting to be placed on the people | | | | than others. For example, The IIA's Certified |
| who are responsible for governing and managing | | | | Internal Auditor (CIA) designation, which has been |
| these systems. Because people are the most vital | | | | earned by approximately 80,000 internal auditors |
| part of any system environment, it is imperative | | | | worldwide, is The Institute's flagship certification |
| to have the right people - especially qualified | | | | and the standard by which individuals demonstrate |
| internal auditors - in the right positions performing | | | | their overall competence and professionalism in |
| the right activities. | | | | internal auditing. While other certifications touch on |
| INTERNAL AUDITING AS THE CORPORATE | | | | specific areas of specialization, the CIA |
| CONSCIENCE | | | | certification covers the broader range of |
| "Risk Governance is about three things: | | | | knowledge that internal auditors need to know. |
| understanding the limits of acceptable risk, | | | | "Becoming a CIA enhances your overall skills in |
| providing confidence and guidance to | | | | internal auditing, establishes your credentials, and |
| management, and anticipating events to set | | | | demonstrates your commitment to the internal |
| yourself up for success,"said Admiral William J. | | | | audit profession," says Angie Woodward, CIA, |
| Fallon (United States Navy, Retired), co-chair of | | | | CCSA, CGAP, CFSA, IIA director of certification. |
| the Blue Ribbon Commission on Risk Governance, | | | | "Even for individuals who are not planning to stay |
| in a Commission report, Balancing Risk and | | | | in internal auditing long term, earning the CIA can |
| Reward. In today's economic climate, the concept | | | | still add value to their careers by preparing them |
| of governance and risk management must evolve | | | | to meet a variety of management challenges." |
| from mere written principles into robust practices | | | | In addition to the CIA, The IIA offers three |
| within board and management processes. The | | | | specialized certifications: |
| IIA's International Standards for the Professional | | | | Certified Government Auditing Professional |
| Practice of Internal Auditing (Standards) defines | | | | (CGAP). This designation demonstrates an |
| the role of internal auditing in governance in | | | | individual's knowledge of the unique features of |
| Standard 2110 - Governance: "The internal audit | | | | public-sector auditing - fund accounting, grants, |
| activity must assess and make appropriate | | | | legislative oversight, and confidentiality rights. The |
| recommendations for improving the governance | | | | program's broad scope emphasizes the auditor's |
| process in its accomplishment of the following | | | | role in strengthening accountability to the public |
| objectives: | | | | and improving government services. |
| - Promoting appropriate ethics and values within | | | | Certified Financial Services Auditor (CFSA). The |
| the organization. | | | | CFSA measures an individual's knowledge of, and |
| - Ensuring effective organizational performance | | | | proficiency in, audit principles and practices within |
| management and accountability. | | | | the banking, insurance, and securities financial |
| - Communicating risk and control information to | | | | services industries. |
| appropriate areas of the organization. | | | | Certification in Control Self-Assessment (CCSA). |
| - Coordinating the activities of and communicating | | | | This certification is designed for practitioners of |
| information among the board, external and internal | | | | control self-assessment (CSA). Gaining the |
| auditors, and management. | | | | required knowledge of areas such as risk and |
| With respect to ethics, the internal audit function | | | | control models - often considered the realm of |
| is generally expected to serve as the corporate | | | | auditors only - exposes CSA practitioners to |
| conscience. Therefore, the posture of the internal | | | | concepts that are vital in effectively using CSA to |
| audit function must be such that it can influence | | | | help clients achieve their objectives. |
| the corporate "brain," which encompasses | | | | Other specialized certification programs also are |
| members of the board and management who are | | | | available to internal auditors. The Association of |
| the keepers of the organization (i.e., "body") and | | | | Certified Fraud Examiners' (ACFEs') Certified Fraud |
| trusted guardians of its well-being. As the | | | | Examiner (CFE) credential denotes proven |
| corporate conscience, internal auditing must be | | | | expertise in fraud prevention, detection, and |
| prepared to have open, candid, and constructive | | | | deterrence. According to ACFE, CFEs have a |
| dialogues with their boards and management to | | | | unique set of skills that combine knowledge of |
| not only comply with the Standards, but also to | | | | complex financial transactions with an |
| balance the scale between the organization's | | | | understanding of methods, law, and how to |
| financial and ethical performance. | | | | resolve allegations of fraud. Fraud examiners also |
| One of the more sensitive challenges internal audit | | | | are trained to understand not only how fraud |
| executives are confronting is how to bring | | | | occurs, but also why it occurs. Approximately |
| transparency to the board and management's | | | | 20,000 anti-fraud professionals have obtained their |
| personal values, which are an essential part in | | | | CFE credential. The Information Systems Audit |
| establishing the integrity and core values of an | | | | and Control Association (ISACA) offers the |
| enterprise. While the public sector continues to | | | | Certified Information Systems Auditor (CISA) |
| bring board and management transparency to the | | | | certification, which is a globally recognized |
| forefront of the reform agenda, there will likely | | | | achievement for those who control, monitor, and |
| be more focus on personal transparency among | | | | assess an organization's IT and business systems. |
| board members and management. The internal | | | | More than 70,000 professionals have earned the |
| audit activity should recognize and consider this | | | | CISA since its inception in 1978. |
| "inner" transparency when assessing governance | | | | Although internal audit certification currently is not |
| structures and processes, and promoting | | | | mandatory, audit-related acronyms are starting to |
| appropriate ethics and values within the | | | | find their way into the boardroom to help |
| organization. | | | | directors and management set standards to |
| PREPARING FOR THE CHALLENGE | | | | measure the competency and qualifications of |
| Internal auditors have an important role and must | | | | those professionals responsible for safeguarding |
| be educated and trained to effectively carry out | | | | the corporate conscience. |
| their responsibilities. An educated and skilled auditor | | | | LOOKING TO THE FUTURE |
| should be able to filter out the noise and sift down | | | | While we continue to endure the challenges of |
| to what information is relevant, reliable, and | | | | these tough economic times, it is important to |
| sufficient to support the reasoning for timely | | | | recognize that government regulation will cause |
| decisions and actions. The new generation of | | | | various degrees of change to governance and |
| internal audit professionals must strive to become | | | | internal control systems. Those organizations that |
| as wise as the board, as savvy as management, | | | | recognize this will not only be prepared to respond |
| as intelligent as the lawyers, as diligent as the | | | | to these changes, but also will be better |
| accountants, and as precise as the statisticians. | | | | positioned to sustain focus on strategic operations |
| Most notably, internal auditors must exercise fair | | | | that create value for stakeholders. As companies |
| and ethical judgment. | | | | embrace this ideology, we will continue to see the |
| Historically, there have not been regulatory | | | | trend of increased audit-related certification as a |
| requirements for internal auditing standards or | | | | means for organizations to evaluate and measure |
| certification requirements for its professionals. At | | | | internal control excellence and maintain a healthy |
| this time, it is unlikely that a regulatory rule would | | | | existence. |
| enforce definitive quality or certification standards; | | | | |