There are several challenges facing internal audit departments and still more facing the internal audit profession as a whole. Some of them represent opportunities as well as obstacles to overcome.

The difficulty in filling internal audit positions with talented candidates, for example, has led to increases in pay for many internal auditors.

The need to do a better job leveraging technology has the potential to free internal audit up to do more valuable and higher-level jobs, raising internal audit’s profile in the organisation. Internal audit is increasingly playing a bigger role at most companies but there are still many hurdles to overcome.

One of the major ones is meeting loftier expectations. We have to make sure our value proposition is delivering on those expectations.

The difficulties around staffing the internal audit department are well known these days: not enough qualified candidates with the unique set of skills required to be successful in the modern internal audit department. Salaries are also rising making it more expensive to find the right people.

The critical skills and attributes needed in the internal audit department include analytical abilities, business knowledge, ability to communicate well, integrity, courage, conflict management skills, and many others. You can’t be an auditor if you can’t handle conflict.

Among the most difficult of the challenges is building trust, especially since it can take a long time to build, but can be damaged in the blink of an eye.

There are a lot of steps along the way, but that trust has to be earned. Steps along the way to earning trust include being transparent, fair, candid, and personable. Becoming a trusted advisor includes being able to offer business units more insight and foresight than hindsight.

Along with the mandate to become more of a trusted advisor, there are other increased stakeholder expectations that internal audit must meet.

At the top of the list is providing more insight on risk and helping the company to be able to adapt to handle the forever changing nature of risk.

Among the risks that internal audit needs to be better equipped to provide assurance over are regulatory compliance, third-party relationships, cybersecurity, emerging markets, and IT governance.

To meet the challenge of providing more insight on such risks, the need to understand the business, forge strong relationships with business partners, and drive change.

Many internal audit departments admit they are struggling to find good IT auditors.

The solutions are to hire people with technology backgrounds and then teach them how to be auditors. 

Letter to the Editor, by Ndirangu Ngunjiri, Nakuru.