I studied business in university and was set on following in my father’s footsteps to become a qualified accountant. I found a graduate position as an Internal Audit Assistant with an accountancy firm in Cardiff which offered ACCA study report. I didn’t know much about Internal Audit at this point – it was the ACCA study support that attracted me. 

I shadowed Internal Audit colleagues for 6 weeks and was initially bewildered - I struggled to understand how they knew what areas to look at and what questions to ask the auditee. I learned about the relationship between objectives, risks and controls, and realised you’ve just got to get a feel for it – have a questioning mind, play devil’s advocate and develop an ‘auditor’s intuition’. I was thrown in at the deep end to go and do my own audit which was terrifying but I absolutely loved it and found it was the best way to develop my audit skills. 

I made the move from private practice to a Senior Auditor role within a Welsh health board, and in 2012 we became part of the newly established NHS Wales Shared Services Partnership.

The health sector is so vast and the variety of audits we do is so broad. As an example, just before the pandemic I was doing simultaneous audits of financial management and compliance with the World Health Organisation Safer Surgery Checklist. I went from one day being in a meeting with the Director of Finance discussing the accounts, to the next day being in theatre scrubs observing a surgical procedure and their pre-surgery processes! I don’t think anybody will ever get to a point where they have covered and know everything about this sector.

When I first started in Internal Audit, there was a lot of compliance-based work, checking adherence to regulations, policies and procedures. Whilst there is still a place for compliance work, audit plans are now focussed on more complex and often bespoke reviews that add more value for the client.  The way we do audits is changing too, with greater focus on the use of data analytics to audit large amounts of data and facilitate risk-focussed testing.

What I love the most about Internal Audit is that in addition to constantly looking at something new, it’s working with people at all levels of the organisation from frontline staff to the Chief Executive. 

Seeing the value that our work has for clients, supporting them to drive improvement through our audit insight, findings and recommendations, is hugely satisfying. We’re no longer viewed as “the police” of old – it’s much more forward focussed now, with more proactive client engagement and positive input in a ‘critical friend’ capacity, such as critiquing a proposed process change or audit representation on a group/committee, so we can support them to get it right first time. To have a level of engagement where people want to come to you for advice and support is hugely valuable to both the client and also to me as an auditor.