Internal audit. The name leaves something to be desired, in my opinion, and unless you’re familiar with IA, it could be a bit confusing.
It also creates this false dichotomy with external audit that really doesn’t exist. Within the IA context, the audit of financial statements is supplemental and focused on only one risk: reporting risk. Granted, reporting risk holds a special place in the pantheon of enterprise risks, critical to obtaining and maintaining financing, but still.
Why is internal audit content with naming itself only in terms of where its practitioners reside in relation to the organization under audit? Seems quite narrow and vague. Given that IA concerns itself with all enterprise risks, it makes more sense to me to called it Enterprise Audit. This would also dovetail nicely with Enterprise Risk Management. ERM and EA, two sides of the governance coin.
Better branding in this manner would attract more and higher quality people to the profession as well. It sounds far more interesting and rewarding to be in the business of enterprise auditing than internal auditing.
What do you think? Is it too late in the game to make a change like this? Does it matter, so long as those in business understand the role and responsibilities of the auditors?
Some companies do come up with funky ‘cool’ names for their IA groups. “Risk and Control”, etc.
Yeah, we used to be called Risk & Control Services before my time here. Which is different, but even narrower I’d say!