Internal auditors are the unsung heroes of corporations worldwide. These executives make sure that investors can trust a company's numbers and ensure that financial irregularities occur rarely, if ever. Internal auditors can also help companies' management mitigate the risk of accounting fraud.
They're that, and so much more - helping, for instance, to ensure that the long tentacles of a company's supply chain never become entangled, at least from a systems point of view, and that a company's wherewithal to withstand computer hacking is as robust as possible.
Read on to learn more about these increasingly trusted advisors and what it takes to pursue this career.
Internal Auditors: Then And Now
The demises of Enron in 2001, and other similarly deceitful corporations both in the U.S. and abroad led to the quick passage of the Sarbanes-Oxley Act of 2002 (SOX) in the U.S. - and, outside the U.S., variations thereof, either legislatively or by regulatory fiat. These rules require corporations to develop stringent controls, financial and otherwise, to eliminate the potential for so-called "financial irregularities", an accounting euphemism for the incorrect reporting of financial numbers, whether innocent or not. (To learn more, read Common Clues Of Financial Statement Manipulation.)
The Sarbanes-Oxley Act includes one provision that is especially chilling for chief officers: they must certify the accuracy of the financial numbers they present to investors and other stakeholders. If the numbers later prove to be inaccurate or fraudulent, those individuals can be held responsible (as can the corporation itself), making them potentially liable from either a civil or criminal perspective. Individual corporate officers risk paying enormous fines, and possibly even going to jail, if the numbers are wrong. It's no wonder, then, that internal auditors are the "can't-do-without" stars of corporate finance.
Nevertheless, smart analysts now rest easier knowing that internal auditors have vetted CFOs' numbers and that those numbers are not simply a fantasy that senior executives desperately want analysts to swallow. (To learn about the ways companies can inflate their figures, see Cooking The Books 101.)
Many people assume that internal auditing (IA) is only about corporate number crunching, and historically, internal auditing has focused first and foremost on controls: both financial controls and controls used to manage virtually any other non-financial process in a company, from manufacturing and information technology to human resources and privacy.
However, the goal of internal auditing is for executives to be seen first as risk managers, with a portfolio that extends well beyond checking the accuracy of financial numbers and the electronic and other systems that go into producing them. Controls have become simply a subset of a much greater set of issues that IA executives manage.
IA executives face the ongoing debate about how companies should handle enterprise risk management (ERM) - that is, the view that companies need to develop a single strategy for managing all of the risks they face, both those traditionally insurable or capable of being hedged through futures contracts and derivatives, and those that are not, such as reputation, operations, legal, human resources, supply chain and so on. (To learn more about ERM, check out The Evolution Of Enterprise Risk Management.)
An Internal Auditor's Career Path
Many students are attracted to the IA profession by the idea of helping corporations keep on the straight and narrow when it comes to producing truthful information about a company's financial health. Many are also interested in the systems and processes used throughout these giant organizations to keep their operations running smoothly on a day-to-day basis.
Since the major corporate scandals, a greater number of employers are seeking internal auditors. According to the U.S. Department of Labor, growth in accounting and auditor positions is expected to increase 18% between 2006 and 2016,
In addition to a bachelor's degree in finance or accounting, many companies require candidates to have an MBA, as well as the Certified Public Accountant (CPA) and/or Certified Internal Auditor (CIA) certifications.
After the SOX Act was passed in late 2002, the first assignment passed to candidates hired on as internal auditors for public companies often dealt with the nitty-gritty of SOX implementation. Since corporate scandals of the early 2000s have become more distant, this is luckily no longer the case. (How a company keeps its management in check can affect the bottom line. To learn more, see Governance Pays.)
The expected increase in jobs for IA professionals could mean a bright future for those who choose this career path. Although moving up in the field can involve some dues-paying work, IA also provides the opportunity to work with senior management and get involved in different areas of an organization. The job also includes opportunities for travel. Although internal auditing is not glamorous work, these professionals have become very important figures in any corporation.
For related reading, see Accounting Not Just For Nerds Anymore.