It occurred to me on the drive in this morning that, while I’ve been busy working on organizational deliverables, I’ve been neglecting my own personal development. I’m getting my paperwork in order for my CIA exam, the only designation that really reflects the necessary competencies to manage this work in the new SOX world. With this new designation in hand, I can be a) a counterintelligence agent that appreciates the shared acronym, or b) certified by the Internal Auditors Association and potentially a more intelligible agent of change. Getting my act in gear not only helps the business – giving the externals a bit more confidence with a CIA testing controls – but it also makes me much more marketable in this mixed up little world of controls.
I have to hand it to the CPA folks – great marketing of the designation, the IIA could learn a thing or two. Take a step or two away from the Internal Audit department and a few consultants, and the CPA looks like the logical background for this work, and going forward, I think it probably will be again. But controls haven’t been a big part of an externals’ game, unless they had gotten involved more heavily on the IT side.
To the person, I’ve yet to talk with a former auditor that looks back on their work and says, “Yes – I was a damn fine controls auditor.” Nearly every one has said that, as the external in the pre-SOX world, attention to controls only meant creating more work for themselves, so avoided it like the plague. No one paid attention to this piece of the work (or wanted to pay for many hours of it), and the audit meant getting busy with the work plan to test the numbers.
Retooling is the name of the game. Though I’m fortunate enough to be working with some really quality accounting pros, I’ve also had a number of conversations at large that tell me bulk price of Accountants at COSTCO is no steal. Unless folks have spent time in the twigs and berries of process design and controls evaluation, there is going to be a learning curve.
There is a reason that many organizations like to hire out of Internal Audit. These are generally professionals that have been able to bridge their public accounting experience and started getting really nitty gritty with process and controls. They have moved around the organization, and see the business as a series of interdependent systems. They know how to ask tough questions, and keep on asking even when it becomes a thorn for senior managers.
This is the skill set we need to be seeking out, and in all likelihood, figure out how to build. Financial professionals may not see the personal value right away, but will thank visionary managers that make this a core discipline. If you haven’t already bought it, you better start figuring out how to build it – you’re going to need it.
So, to the Big Four – feel free to keep your financial statement auditors until they’ve been through the process at a client or two, and understand what is expected to cross this magic line. I’ll be keenly interested when they’ve had the opportunity to learn their chops in someone else’s shop. Please steer a few my way that can talk about worst practices: I think there is more to learn in failure than success.
(The kicker is that, by the time the Big Four have manufactured SOX and control-oriented auditors, most public companies will have already certified, meaning that what they will really be needing is process improvement and system implementation people, not auditors. Hmm.)