In the first of two articles looking at internal audit leadership, an executive search consultant outlines what is required to be a head of assurance. The second article provides the perspective of a head of internal audit. 

The majority of FTSE 100 companies in the industrial and commercial sectors currently operate a combined risk and internal audit model. This is very different from financial services and other highly regulated industries where these functions are separated, while the not for profit and public sector space is different again. 

The challenge in this article therefore is not to regurgitate generalities or create a broad ‘wish list’ of a dozen key competencies required for these roles. Often when I see these lists they define a combination of abilities that are impossible to obtain in any one individual and some may in fact be incompatible. 

When we additionally consider the maturity level and status of different organisations’ enterprise risk management, audit and internal controls functions, even defining the best fit ‘assurance’ solution is complex. In the context of individual corporations it quickly becomes obvious that there is no ‘one solution fits all’ scenario. 

Consistent themes

Are there any consistent themes that we should consider when trying to identify the key competencies and skills required for these roles? 

When considering recent recruitment in the FTSE 100 outside financial services I believe there is a recurring focus. Executive boards are increasingly expecting a genuinely strategic vision from the head of assurance: this means the ability to interact as equals with the board and ‘talk their language’. 

I suspect many current leaders in both the risk and internal audit space would dismiss this comment, arguing that they have been fulfilling that role for many years. However, the facts suggest that is not the perception of the executives and audit committees who are recruiting for these roles. 

In the last 18-24 months a number of high profile FTSE 100 companies including Vodafone, Compass, GSK and Unilever have appointed internal candidates without specialist assurance backgrounds. In these instances the individual’s ability to operate at the executive level and their broader understanding of the business's ‘risks’ were the key attraction, while the technical assurance skills could be supplemented by more specialist junior team members. 

Perhaps more interesting, however, is the list of external appointments. These include the appointments of Big 4 external audit partners at Tesco and Centrica and Big 4 consulting partners at G4s and Smith & Nephew. There have also been a number of appointments of Big 4 directors/salaried partners in slightly lower profile roles. The theme amongst these external appointments appears to be the view that the required skill sets are not available within the existing population of FTSE 100 heads of assurance. 

Trend implications

What are the implications of this trend going forward? Depending on your default mentality, the optimists would say that it is extremely encouraging that main boards finally understand the value of assurance functions, particularly risk management, and its status will continue to rise in importance. 

For the pessimists, and particularly those already operating in the assurance profession, it does suggest that both practitioners and the representative institutes need to look very carefully at their current positioning and also make sure the education they advocate and provide is aligned with the current market expectations. 

Skills and competencies

I appreciate that the concept of ‘the strategic partner’ that we are describing still lacks a clear definition in terms of the skills and competencies that clients are prioritising. 

Without defaulting to a list of clichéd corporate speak such as gravitas, impact, vision, etc it will remain a very difficult concept to define. What is clear, however, is that organisations are increasing interested in individuals' ‘fluid learning’ capabilities and their ability to react to the unprecedented speed and scale of change that corporations now face. 

Employers are interested in how the individual analyses new challenges, interprets situations, the strategic drivers behind the actions they implement and most importantly, how they articulate their solutions. Previous assurance experience or ‘crystallised learning’ gained from similar situations no longer appears to be enough to ensure individuals are selected for these roles. 

Gaining this strategic skill set

Where and how do you acquire this ‘strategic’ skill set? Looking at these recent appointments it would appear that companies are seeking practical experience of operating at this level coupled with advanced interpersonal skills rather than academic qualifications such as an MBA. 

This experience could come from the job rotation where historically we saw heads of assurance holding line management roles in other areas of the business during their careers. We are also increasingly seeing more lateral movement of partners and directors, not just out of the Big 4 firms, but back into the firms, so individuals might consider this consultancy option which has the potential to broaden the perspective of the firm's partner group as well of as these individuals. 

Finally, I was reminded by a senior candidate that individuals have a responsibility to proactively educate the executive and audit committee in this area to develop their role rather than being caught out when expectations change.   

As a closing comment I would re-emphasise that the diversity in how these roles are interpreted by organisations means there are still many exceptions to the scenario I have outlined above. However, I do perceive that the firms I have mentioned could just be the early adoptors who are at the vanguard of the evolution of the assurance role. 

Guy Stacey has been working as an executive search consultant specialising in this area of the market for the past 20 years and is a director at IAC Search Limited and Internal Audit Connections Limited.