My first introduction to world of audit was during my University placement where I worked at the Audit Commission working on Value for Money audits (economy, efficiency and effectiveness of public spending).  This started my interest in audit as a career as I enjoyed the concept of developing an understanding of a topic or process through analysing information, meeting a variety of people and formulating views and conclusions to recommend improvements.  

When I left university, I joined an accountancy firm to obtain a professional qualification. One of the early papers was on auditing, which I found really interesting.  A lot of this was based around analysing a scenario and with the purpose of identifying risks having an opinion on what could help reduce or mitigate that risk.  Whilst doing these exams I was much more interested in the analytical side of audit so I made the decision to go into Internal Audit.

My first Internal Audit role was at the Bank of New York, where I completed my ACCA qualification. This was not only my first Internal Audit role but also first time working for a large financial services institution.  The role completely lived up to my expectations – I was immediately thrown into the deep end and was meeting people and performing audits on processes that were all completely new to me.  There was a steep learning curve, but this was something I enjoyed about Internal Audit and has continued throughout my career. I realised that in Internal Audit you are encouraged to ask questions and develop your understanding - I love asking questions! 

There’s so much variety in Internal Audit, from speaking to different people daily, looking at different process, thinking about different risks, and working on different parts of the audit. And the more senior you get in Internal Audit, the greater the variety.

You really get to understand a company, a business and an industry because you are speaking to a range of people across the organisation up to Chief Executives.  As part of an Internal Audit role you get a holistic view and an understanding of how it really operates. Conversely you can become a specialist in an Internal Audit role if you want to – which opens up lots of opportunities. 

All of my roles have been in financial services. Financial services covers a range of types of firms and businesses and they can be very different with different risk profiles, but they all play a role in the financial services ecosystem. I’ve worked for different types of financial services institutions, which has helped develop my understanding of the market and how it operates and interlinks. The challenge is to understand how all those different businesses work, how they all fit in, and the differences in their risk profiles.

For example, my prior role at Legal & General focussing on investment management has a lot of regulatory risks and considerations and in addition, operational risk was one of the key risk categories. My current role is with a financial services infrastructure firm that offers an exchange platform so much of the key risk profile is around technology risks – information security, cyber, business continuity and resilience. 

If you’re moving around the financial services industry then the different risk categories are a real positive and learning opportunity whilst applying Internal Audit techniques and processes to help you fulfil the Internal Audit role effectively. There are always new things to learn anyway – be it new products or processes – so it’s always a big learning curve.

Internal Audit is also always evolving – especially in financial services. Regulation is always developing to match the industry developments, and you often have to deal with multi-regulator environments. In a UK and Europe you may have to consider, monitor and work with multiple regulators and varying expectations and requirements. It’s important to stay on top of developments so ongoing training and networking with peers is important.

Another positive – but also a challenge – is the multitude of different stakeholders that you have to manage. In Internal Audit you work closely with business teams, managers, executive management, independent non-executive directors, external auditors and regulators. There is an increasing amount of reporting to Audit Committees, Boards and management. Stakeholders and governance forums can have different priorities and perspectives that you need to capture and identify a response.  Therefore people skills and developing relationships are very important – building up stakeholder relationships over time helps you to have those hard conversations when you have to deliver a difficult message. Becoming that trusted advisor not only helps in performing the role of Internal Audit but helps support the organisation through providing value added insight and impact. 

As an internal auditor, you can really see how you’re adding value and helping an organisation reach its objectives through helping to manage risk.  We have all seen from market events and incidents, and experience of errors that can happened, what can go wrong and the impact this has.  

I feel that the profile, visibility and role of Internal Audit has evolved, and that’s made us much more involved with the business - we’re used more by management with requests for input and audit work, rather than waiting for us to find the problem at a later stage. Which is a good situation to be in!