Sonia Shah
Sonia Shah is the financial regulation lead - ESG and Climate Risk, Governance and Operational Resilience at Grant Thornton

How did you come to be in Internal Audit?
After I graduated, I started my career in external audit at PwC. I did my ACCA qualification during that time and then I wanted to transition - not to traditional finance but into a consulting environment, where I could use the skill sets that I had gained from my external audit career - including the ability to look at the various systems and controls and risks which need to be in place. I’ve now spent part of my career in consulting and internal audit. The area of consulting matches well with what Internal Audit requires because looking at systems controls risk is crucial for any firm in any industry.
I wouldn’t say that my career has been accidental – it’s been shaping along the way. I think it’s been great because having had a strong grounding in external audit along with my ACCA qualification has really leveraged off what I want to do. The ACCA qualification means you don’t have to be in a purely finance role – it opens doors to so many opportunities. It’s how I have been able to shape my career to where I want it to be now, and it has given me opportunities to work in different industries as well – from technology firms to manufacturing, pharmaceuticals and financial services.
My current role in financial services involves working on financial services regulation. I talk to firms about the need to implement the current regulatory requirements for financial services. I’m able to leverage off all the experiences I’ve had to date when I speak to clients because what - and how - they implement the requirements, ultimately it needs to be audited. I go in with that Internal Audit mindset and explain that it needs to be possible for others to get assurance that what they have stated on paper has been implemented, actually has been implemented.
Along with that, I help clients in identifying what their risks are so that they can then apply the relevant controls. I’m able to think this way because of how I have applied everything I have learnt in my career and enabling me to drive it to where I am and what I do.
What do you enjoy about being an internal auditor?
What I find really interesting about Internal Audit is that as an auditor today, you need to think outside the box. You need to come up with solutions which a client can actually apply in their business as opposed to an idealistic theoretical response. I like that I’m really helping clients shape and improve their businesses as well. In the role I’m involved with, I meet people not just in different firms but in different roles they have within the organisation – from the Board to the C-Suite to middle management including investors and other stakeholders. Having an innovative internal audit mindset enables me to have relevant conversations at different.