As mentioned in my prior post, this week I am reviewing the 5 generations of internal audit over its 80 years of existence from 1941 to 2021.

In Sawyers 7th edition we illustrated 5 generations of internal audit capabilities, which lead to IA product quality and value. Those generations are defined as follows:
1. 1941 – the Internal/External Auditor
2. 1970 – the Internal Control Process Auditor
3. 1990 – the Risk-Based Auditor
4. 2000 – the Risk Management-Based Auditor
5. 2015 – the Objective-Based Auditor

For those unaware, Internal Audit is uniquely served by one international standard setting professional association. The Institute of Internal Auditors (IIA). Today I begin with Generation 1. The IIA began in 1941 focused on training professionals, who would help ensure that external or public financial auditors would not find any errors when they showed up.

Value Proposition of IA: Find the errors before the public or financial auditors find them.

Auditor Skill Required: Certified Public Accountant and/or Regulatory standards experience.

Products and Services: Audit Reports with issues to be resolved. Expertise in reporting standards.

Position and Power: Internal Auditors practicing Generation 1 internal audit are typically part of the financial or legal department, potentially with some access to the Board through their supervisors’ approval. Little to no collaboration is required to create these IA products and services.

As of 2021:

• Very few internal audit shops are still practicing Generation 1 Internal Audit. Mostly because these types of financial and public reporting review have largely become part of management monitoring practices. Robotic process automation and AI will only accelerate this type of perpetual automated monitoring, shrinking IA Generation 1 value even further. However, accounting, and regulatory awareness remain core expectations of the internal audit skill set.

Observations and Opportunities

• Some Senior Leadership still assumed that internal audit is playing only the Generation 1 role and can often negatively influence internal audit value by reverting IA functions to this early beginning.
• Some countries unfamiliar with internal audit and some industries, like local, state and national government tend to remain at Generation 1 IA capabilities until directed to do more.
• A Generation 1 internal audit shop does not meet current professional practices or internal audit standards.

More details available in the IIA Foundation publication, “Sawyers 7^th Edition, Enhancing and Protecting Organizational Value.” #audit #riskmanagement #governance #collaboration #internalaudit