Every few years, a game-changing event materializes that generates a significant impact on the internal audit profession. Take, for example, the U.S. Sarbanes-Oxley Act of 2002 and similar legislation around the world enacted more than a decade ago. Usually, we immediately recognize the importance of such an event, the risks it creates for our organization, and how it will impact our internal audit functions.
When Sarbanes-Oxley became the "Next Big Thing" in internal auditing, almost all of us anticipated the call for immediate action. We sharpened our pencils, headed off for training, and renewed our focus on assessing the effectiveness of financial controls.
Because we promptly took action, we were well-prepared to provide assurance about our organizations' readiness to members of management and the board. We also stepped to the plate when COSO 2013 was released. But Sarbanes-Oxley and COSO 2013 both focused on internal controls; and internal auditors are control experts. When the Next Big Thing in internal auditing is not specifically about internal controls, will we be ready?
Well, heads up! The Next Big Thing is here for many companies and their internal audit functions.