Finance Blogs and Articles
  • All Technology
  • AI
  • Autonomy
  • B2B Growth
  • Big Data
  • BioTech
  • ClimateTech
  • Consumer Tech
  • Crypto
  • Cybersecurity
  • DevOps
  • Digital Marketing
  • Ecommerce
  • EdTech
  • Enterprise
  • FinTech
  • GovTech
  • Hardware
  • HealthTech
  • HRTech
  • LegalTech
  • Nanotech
  • PropTech
  • Quantum
  • Robotics
  • SaaS
  • SpaceTech
AllNewsDealsSocialBlogsVideosPodcastsDigests

Finance Pulse

EMAIL DIGESTS

Daily

Every morning

Weekly

Sunday recap

NewsDealsSocialBlogsVideosPodcasts
FinanceBlogsSome Internal Audit Wisdom
Some Internal Audit Wisdom
Finance

Some Internal Audit Wisdom

•January 26, 2026
0
Norman Marks on Governance, Risk Management, and Internal Audit
Norman Marks on Governance, Risk Management, and Internal Audit•Jan 26, 2026

Why It Matters

Dynamic audit practices enable organizations to anticipate and mitigate emerging risks, directly influencing strategic resilience and competitive advantage.

Key Takeaways

  • •Pinterest audit chief advocates continuous risk monitoring
  • •Agile assurance replaces static annual audit plans
  • •Internal audit creativity threatened by prescriptive standards
  • •Tailored audit programs align with fast‑changing businesses
  • •AI risk may reduce auditor judgment

Pulse Analysis

In today’s hyper‑accelerated markets, internal audit is shedding its legacy image as a periodic compliance checkpoint. Companies like Pinterest are championing a model where auditors maintain a constant pulse on business operations, leveraging real‑time data to adjust audit scopes on the fly. This shift mirrors consultancy SIA’s recommendation to replace rigid annual plans with agile assurance roadmaps that feed strategic intelligence directly to executives, ensuring that risk oversight keeps pace with rapid product and market evolution.

At the same time, a counter‑trend is emerging from within the profession. Dr. David J. O’Regan of the WHO warns that the Institute of Internal Auditors’ increasingly prescriptive standards are compressing auditor judgment into checklist exercises. The rise of algorithmic, “clockwork” auditing threatens to marginalize human creativity and moral agency, especially as artificial‑intelligence tools become more prevalent. Critics argue that this mechanistic approach can miss nuanced, forward‑looking risks that only seasoned professionals can identify.

For businesses, the implication is clear: audit functions must become both adaptable and insightful. Tailoring audit programs to the specific risk landscape of each organization, while preserving space for professional judgment, creates a resilient safety net that supports growth and innovation. Leaders who embed continuous, strategic assurance into their governance frameworks are better positioned to navigate uncertainty, avoid compliance fatigue, and harness audit insights as a competitive advantage. The future of internal audit hinges on balancing agility with depth, ensuring that technology augments rather than replaces human expertise.

Some internal audit wisdom

Norman Marks

I am an optimist in life and in internal auditing. I am less of an optimist when it comes to risk management, as I don’t see the same level of progress as I do when it comes to internal auditing.

Three articles caught my eye this week, so I am interrupting my planned series on politics to share them.

I hope you find wisdom in them and hope for our profession.

1. Wall Street Journal – Risk and Compliance Journal

“Pinterest Audit Chief: Seeing Around Corners to Protect, Support Business”

The “Audit Chief” is Ram Vijayanathan, who says:

“Operating in a high growth industry accelerates the pace of innovation and change,” says Vijayanathan. “The challenge that my team and I have is to ensure we are tackling the most important risks to the organization by providing valuable and timely assurance.”

This means regular and proactive conversations with a wide range of stakeholders across the business, as opposed to the scheduled quarterly touchpoints that may be more common in decades‑old companies operating in more established sectors.

In other words, monitor what is happening with the business, its environment, and its risks. Use that information to continuously update the audit plan. Even a quarterly update may be too slow to ensure you are auditing what matters now and in the future.

We hear additional wisdom from Robyn Mihin, a Deloitte & Touche principal:

“What is often underappreciated is that, while the principles and intent of internal audit and enterprise risk management are almost universal across organizations, the way in which a program is designed and implemented needs to be tailored to the specific organization.”

Vijayanathan is quoted as saying:

  • “I also see a world in which, instead of doing an audit ‘cold,’ the team is continuously collecting data that gives us insights, almost pointing us to where we should be focusing our audits.”

  • “The committee is looking for my team to provide assurance over the key company risks and strategies. It is very focused on things that could hinder the company’s ability to grow, sustain, and build our business. The insights we give the committee through our audit reports help them hold management accountable by, for example, offering insight into how leaders are managing various company risks.”

  • “What I have always done is cater our deliverables to meet the needs of the organization, which sometimes takes us down a path of operating in an advisory capacity until such time the company achieves maturity and consistency.”

2. SIA – Consultancy Firm

“Financial Risk Management Internal Audit: Assurance to Strategic Intelligence”

Key points:

  • Shift audit plans from static annual schedules to agile assurance and insight roadmaps.

  • Audit teams are now expected to provide continuous, forward‑looking insight that informs executive decision‑making and strengthens enterprise resilience.

  • The role of Internal Audit is undergoing a fundamental transformation. No longer confined to retrospective compliance testing, Internal Audit has become a strategic function by delivering insight, foresight, and assurance across financial, operational, and technological risk domains.

3. Risk Oversight (2024)

“Exclusive Interview: Dr. David J. O’Regan, Auditor General, World Health Organization (Americas Region)”

The interview eventually touches on points I find especially relevant:

“In my opinion, I see an alarming decline in the space for internal auditors to exercise their creativity, judgment, and moral agency.”

He notes that the IIA’s revised standards, while billed as principles‑based, are in practice prescriptive, squeezing individual judgment. He observes that internal auditors are increasingly filling out checklists and undertaking algorithmic auditing—a clockwork approach that heightens the risk of the profession being overtaken by artificial intelligence and other forms of machine processing.

I celebrate his emphasis on creativity and judgment, adding imagination to the mix. Stir in Mihin’s comment that internal audit needs to be tailored to the needs (today and tomorrow) of the business, and SIA’s focus on agile assurance, and you have a compelling vision.

O’Regan appears pessimistic, and unfortunately there is cause, as the IIA continues to pump out Topical Requirements in a drive for consistency when agility and flexibility are required.

But I see change—progressive change. In time, I hope that leaders of the IIA will catch up.

We need to deliver the valuable forward‑looking assurance, insight, and advice our organization’s leaders need for success – not documentation that merely proves we complied with a prescribed audit approach.

What do you think?

Read Original Article
0

Comments

Want to join the conversation?

Loading comments...