Culture Risks within Internal Audit

 In a recent Wolters Kluwer webinar on Talent, Culture, and Workforce Transformation in Internal Audit, Liz Sandwith highlighted the growing expectation for internal audit to provide assurance on organizational culture, ethics, and leadership resilience.

Equally important, she emphasized the need to turn the lens inward, examining the culture within the internal audit function itself. Because how we operate as auditors directly shapes the credibility and value we deliver.

Liz also shared examples of cultural risks within internal audit. One that resonated deeply with me was the “fear culture suppressing professional skepticism.”

In my long consulting career, I have seen firsthand how fear can erode the performance of internal audit teams, silencing voices, weakening challenge, and ultimately diminishing assurance. Sadly, this culture still exists in some functions today.

For over two decades, I have been calling on internal auditors to be courageous. I am relieved that this principle is now emphasized in the Global Internal Audit Standards. Yet, adoption remains uneven, and many functions have yet to embed courage as a defining trait of their culture.

It is time for internal auditors to break free from fear, embrace skepticism, and stand firm as guardians of integrity.

#InternalAudit #Culture #ProfessionalSkepticism #Courage #GlobalStandards

When oversight fails, trust takes a nosedive

 

The revelation that an Air Canada pilot flew for 17 years with fraudulent licences is more than a headline; it’s a governance crisis. Internal audit and compliance functions missed repeated opportunities to uncover the fraud, relying on documents rather than independent validation. The result? A fraud that persisted for nearly two decades, exposing passengers to unacceptable risk and eroding public confidence.

For executives and boards, the lessons are clear:

• Professional skepticism must be embedded into every audit process.

• Governance credibility depends on robust, independent checks, not blind trust.

• Aviation risk lessons remind us that continuous monitoring and real-time assurance are essential in industries where lives are at stake.

If internal audit cannot help detect fraud in time, governance collapses into guesswork.

The question for leaders today: Are your internal audit functions truly equipped to protect what matters most?

Do we need more skepticism in the age of AI?

 

Dr. Michael Shermer reminds us:

“Skepticism is not a position; it’s a process.”

That process feels more urgent and important than ever. AI can generate dazzling insights, but it can also produce errors, biases, and illusions of certainty. Skepticism isn’t about cynicism or rejection; it’s about critical inquiry, verification, and disciplined questioning.

In a world where algorithms shape decisions, the real advantage belongs to leaders and professionals who ask:

* What evidence supports this output?

* What assumptions are hidden in the model?

* Where could bias creep in?

Skepticism in the AI era isn’t resistance; it’s resilience. It’s how we ensure technology serves truth, not just speed.

Question for you:

Do you see skepticism as a skill we need to teach more actively in organizations adopting AI?

#internalaudit #risk #grc #skills #skepticism #ai

Being an internal auditor doesn’t stop at the office; it shapes who we are.

 As we conclude Internal Audit Awareness Month and celebrate our pride in being internal auditors, it is important to remember that every profession leaves its mark not only on our careers, but also on our personalities and personal lives.

Being an internal auditor doesn’t stop at the office; it shapes who we are.

The positives?
We bring integrity, reliability, and critical thinking into every relationship.
The challenges?
Sometimes our vigilance makes us overly cautious or skeptical with family and friends.

The key is balance: carrying our strengths proudly while softening the edges in personal spaces. Internal audit isn’t just a profession; it’s a way of living with trust and accountability.

Summary of the new Coso corporate governance guidlines

 The Committee of Sponsoring Organizations of the Treadway Commission (COSO), in collaboration with PwC, presents a set of 12 guiding principles designed to strengthen board oversight and governance practices across public, private, and not‑for‑profit entities worldwide. The publication emphasizes that governance is not a checklist but a framework for reflection, dialogue, and alignment with an entity’s mission, values, and long‑term strategy.

Purpose of the Publication:
*Provide a common reference point for boards where governance expectations are fragmented.
*Support effective oversight by clarifying roles, accountability, and information flows.
*Complement, not replace, existing laws, regulations, and governance standards.
*Offer illustrative practices for boards and management to adapt to their context.

COSO’s View on Governance: Corporate governance is defined as the structures and processes by which boards steer entities toward strategy execution and long‑term value creation, while ensuring ethical conduct and compliance with legal/regulatory frameworks.


How to Use:
Boards and governance professionals can use the principles to:
*Frame boardroom discussions and committee work.
*Guide assessments, refreshment, and director education.
*Align oversight with strategy, risk appetite, and culture.
*Strengthen stakeholder trust through transparency and accountability.

Guiding Principles (At a Glance):

1. Board Governance Structure: Clear roles, delegations, and oversight alignment.
2. Board Accountability: Fiduciary duties, disclosures, and stakeholder confidence.
3. Board Composition & Leadership :
Skills, independence, succession planning.
4. Board Effectiveness:
Continuous evaluation and adaptation.
5. Purpose, Mission & Values: Alignment with culture and decision‑making.Culture & Tone at the Top.
6. Ethical expectations modeled by leadership.Strategy & Performance 7. Independent perspective, monitoring execution.
8. Technology & Data: Oversight of digital practices and resilience.
9. Stakeholder Engagement: Balanced communication and trust building.
10. Executive Leadership & Succession :
CEO appointment, pipeline, resilience.
11. Executive Performance & Compensation:
Evaluation, incentives, accountability.
12. Risk Management & Internal Control:
Oversight of risk, assurance, and resilience.


Key Takeaway:
Effective governance is dynamic, integrated, and principle‑driven. Boards must continuously adapt structures, accountability mechanisms, and oversight practices to sustain trust, resilience, and long‑term value creation.

Link to full report:Corporate Governance - GuidingPrinciples | COSO

Note: this summary was geneate by AI

Internal Audit Month

 

Fraud Awareness Begins at Home

Fraud is not just a corporate or financial issue; it’s a human one. Every scam, phishing attempt, or deceptive scheme ultimately targets individuals and families. That’s why fraud awareness must start at home.

• Early Education: Teaching children and family members about online safety, suspicious messages, and too-good-to-be-true offers builds lifelong resilience.

• Shared Vigilance: Discussing fraud cases openly at home helps normalize caution. When one person spots a red flag, the whole household learns.

• Digital Habits: Simple practices, such as verifying links, protecting passwords, and questioning unusual requests, are as vital at home as in the workplace.

• Empowerment: Awareness transforms fear into strength. Families who understand fraud tactics are less likely to fall victim and more likely to protect others.

Fraud prevention is not just about compliance or corporate training; it’s about safeguarding trust, dignity, and security in our daily lives. When awareness begins at home, it extends naturally into our communities and organizations.