The Value of an Internal Auditor

I get a lot of calls…

With a profile on Linked In, a worldwide network, and lots of well meaning friends, I get calls from headhunters almost every day asking me if I am interested in Chief Audit Executive type positions at both private and public firms all over the US. This is very flattering and a bit of a relief, since I know that if I wanted to, I could probably find this type of position somewhere, even though I am not a career internal audit professional. I am not even a career external audit professional.

If you read my profile here on this blog or on Linked In, you’ll see that although I started my career as an internal auditor many years ago at Continental Illinois National Bank and Trust Company of Chicago, and although I have worked closely with the profession while at a senior level at both Jefferson Wells and PwC, and although I have had the opportunity to speak at both IIA and ISACA meetings nationally and internationally, I am not a career auditor but a career professional services executive, a consultant and a very interested party.

So it is with great interest that I take these calls, for they provide me with much market information. If the right situation came along, I may be tempted but, knowing myself and knowing my history, it would have to be a very special position, one that could use a broad (no pun intended…) business executive rather than a career internal auditor. But one interesting thing has come out of these conversations and some interviews over the last year. I believe companies are still not valuing the Chief Audit Executive position and the Internal Audit function, either organizationally or financially, as I thought they would by this time.

In 2005, I gave a series of workshops for in-transition finance and IT professionals on Sarbanes-Oxley and the impact it would have on their career and prospects of finding new positions. Many of them had left former positions prior to SOx but had worked at a public accounting firm at the beginning of their career. However they were usually long past the detail work of an auditor.

I told them:

“The U.S. government, through the SEC and the NYSE, now formally recognizes the benefits to shareholders and the general public of an internal audit function for listed companies. The revised NYSE listing requirements state: “Every listed company must have an internal audit function.”

Right now many multinational organizations have a small or almost non-existent centralized internal audit function, even though the demand for their participation and expertise worldwide is at an all-time high. Many Boards are still full of insiders and non-involved courtesy members.

For companies seeking to build their internal audit/governance function with talented, experienced professionals who can implement complex risk management and corporate governance strategies, attracting the most qualified professionals is now an immediate business necessity. The type of person who will serve as a Chief Audit Executive now will be more of an “outside” guy than the “inside” guy that filled this role in the past. One retained search executive, who is nationally known in the profession, says that less than 10% of the incumbent Chief Audit Executives have the skills necessary to continue in this role given higher expectations for Internal Audit Executives to play a more significant role on the management team.

The Chief Audit Executive will be expected to interact with all business functions including and especially IT, will be more involved in improving processes, testing internal controls, preventing fraud, improving transparency and accountability for financial reporting, and responding to the demands from all stakeholders – shareholders, fellow employees, the community, customers, vendors, bondholders, bankers and the government.”

One of the necessities of a best practice Internal Audit function, per IIA Standards, is that the Chief Audit Executive reports directly to the Audit Committee and only, if necessary, administratively to another executive in the organization. The preference is the CEO. However, in the more than a dozen opportunities I have been aware of in the last year, all of them still have administrative reporting relationship to the CFO. In two cases, private companies both at the US$2 billion or so revenue level where the Internal Audit function was being built from scratch, the position reported directly to the CFO, with no mention of the Audit Committee.

Take a look at these searches by professional services firms for internal/external audit professionals:

Job Title: Internal Audit Director
Job Description: The Director is responsible for the development and execution of the strategic plan. This includes, but is not limited to driving development with the goal of significant growth and profitability; providing technical expertise; identifying, hiring, developing, managing, and retaining professional staff with appropriate skill sets; and maintaining and leveraging a network of clients and contacts. Business and professional development are the major areas of emphasis for this position; Provide innovative internal auditing and controls, and/or forensics, or construction audit services to clients in a range of industries; Oversee the following tasks: construction audit and advisory, contract compliance, COSO-based enterprise financial risk assessments, financial reporting audits, fraud and forensic investigations, information technology audits, internal audit co-sourcing and outsourcing, operational audits, regulatory compliance, and/or Sarbanes Oxley compliance.
Functional Area: Internal Audit
Jefferson Wells Office: Chicago Office Downtown
Degree Requirements: BA/BS
City, State Chicago, IL
Experience Desired: Bachelor’s degree in relevant subject area (accounting, auditing, information technology, sciences, taxation, finance etc.); Certification (CIA, CPA/CA CISA, CFA or equivalent) or advanced degree (MBA or equivalent); Minimum 12 years or more of clearly progressive, professional development in the general areas of internal auditing or related activities; Minimum 5 years in a leadership role in internal auditing or other equivalent relevant position; Experience in fraud risk management, fraud handling or litigation support is preferred; Ability to travel 20% per year.

The search firm that is working on this position has told me the salary range is
US$150-180k base plus generous bonuses and other benefits.

And this one…

Position Titles: AUDIT MANAGER & SR. AUDIT MANAGER–MULTIPLE POSITIONS
Locations: Atlanta, GA – Dallas, TX – Boston, MA – Chicago, IL – New York, NY – San Francisco, CA – Los Angeles, CA
Maximum Salaries: $150,000.00 to $200,000.00
Bonuses: Yes
Relocation Paid: Yes
Experience: 5 – 10 years
Education: 4 year degree required
Travel: 30 – 35%

Company Description:
The company entities are recognized as the marketplace leader among the large professional services firms in advising companies involved in M&A transactions. Clients range from the largest financial buyers and significant multinationals involved in complex cross-border transactions to mid-size companies acquiring or divesting assets.
Job Qualifications: Ideal candidates must have:
a. A four year industry related degree.
b. 5 – 10 years industry related experience.
c. 4 years external audit experience in public accounting (less than 3 years old).
d. SEC reporting experience.
e. Minimum 2 years of U. S. GAAP.
f. Ability to hit the ground running.

I got this one via a networking listserv. Notice the salary in relation to the experience qualifications.

So explain to me why the Chief Audit Executive positions in industry I am getting calls on have titles like “Director of Internal Audit” instead of “Vice President of Internal Audit” even when they are the top position in this function? Tell me why the salary ranges have never topped 150k (lower than what the professional service firms will pay for comparable professionals to service this same market), even on the East and West Coast? Why the position is still considered quite a bit lower in the organization and in financial remuneration than the CFO?

What’s interesting also is that, in a public company, the CFO is usually a listed executive and his/her salary and benefits are required to be disclosed in SEC filings. So it’s easy to see what the company thinks of the Chief Audit Executive versus the CFO. The CFO still sits at the C-level with all the benefits of that status and is listed in the Annual Report and all filings. However it’s impossible, in most cases, to see who is serving as the Chief Audit Executive based on publicly available information. Even though the Chief Audit Executive is actually a monitoring function for the Finance/Accounting organization as well as the rest of the company, the CFO is still the administrative lead on these roles and makes sometimes 3X to 4x what the offers are for Chief Audit Executives. There are exceptions, such as the structure Boeing has in place. There is an Office of Internal Governance which is a very senior position, and Internal Audit reports to this executive, separate and apart from any financial function.

Many companies have had significant challenges in complying with Sarbanes-Oxley. Since Internal Audit had in the past been a minor player in many and had suffered from outsourcing and cuts as a “cost center” rather than a strategic part of the management structure, this function was often ill prepared to support Sarbanes initiatives. Gradually companies are starting to rebuild these functions, however many of them have been without a senior seasoned executive for long periods or have a long list of issues and a competing set of priorities to address. Add to this the challenge of finding resources, whether for permanent hires or from their professional service providers and the job, in many cases, is a big one and a tough one. Yet, I have never seen an SEC filing or a NYSE sanction citing the lack of an Internal Audit function or the lack of competence and objectivity in an internal audit function as an issue.

Even in one of the opportunities presented to me, where the company had been without a Chief Audit Executive for almost a year while it was also under SEC investigation, neither their auditors nor analysts had ever publicly cited the lack of an internal audit executive and the weakness of the function as an issue. They also refused to consider giving a new Chief Audit Executive an employment contract. I always insist on it, and given current circumstances would have been glad to have it, but they didn’t see the position at that level and didn’t want to have to disclose any more than they already had.

Is it possible that Boards of Directors and Audit Committees, CFOs and CEOs and external auditors still do not see the Chief Internal Audit Executive and this function as anything other than “internal police” and a necessary evil, rather than a strategic part of the senior management team of a public or publicly funded company?