A

Nobody, nobody, I say this in front of students, knows an organization like an internal auditor.

B

If you've ever been to a conference and at some point you're like, I didn't really get anything out of that, or I don't have anything practical, tactical to take back and do. That's why we started the Audit analytics and AI Conference, because I can empathize. I did the same thing. That's cool. Can you show me how to do it? And so as part of the analytics and AI Conference, especially actually the spring conference that we have on May 20th this year from 9 to 4 Central, it's 9 to 4 Chicago time. We have six presenters, you can get seven CPEs, and it's some of the best presenters that we've had over the five years that we've been doing this conference. So these are the ones that I've seen personally, three of which for sure, I have gone back and watched their recordings, you know, months later to go, I know they did this thing that was really cool. Let me go back and watch it. So I can do it too. So there's no way that you won't have something you can actually do relative to analytics and. Or AI. So some of the fine folks we have coming back, Brittany McKinley, Brian McNally and Val Zappia from Elevations Credit Union, Macy's and Victoria's Secret, respectively, all three of those. I've gone back and watched their sessions from the prior years to see what they did so I could replicate it on my end. And then we have Paul Kerstein and Madeline Novelli from Vulcan Materials and they're going to show you how to use AI to build a, like a central hub of audit intelligence paired with a library of reusable AI prompts. So you can. So any auditor on the team can use analytics. We also have multiple people from the Williams Energy audit team. So they have a framework of using AI to do analytics, but then each one prefers different tools. So one person's like, I like Python. So they do theirs in Python. 1 likes R, they do it in R. 1 likes Power BI, they do it in Power BI. They also use data bricks. And so there's some functionality they do in databricks for SQL or even Python in there if they wanted to. So it's one framework that gets applied and everyone kind of interprets it and uses it differently. It's fantastic. And then the last of our speaker slots, so we have five. The last one we are having to keep a secret for now and hope to be able to tell you as soon as possible what that's going to be. But I think we can at least say it's going to be very innovative. All right, like I said, it is May 20, 9 o' clock till 4 o' clock central. You can search Audit Analytics Conference. It should be towards the top, if not the top. You can go to The Audit analytics conference.com links are in the show notes. You can go to my page on LinkedIn. Trent Russell, find me. There's links there if you follow me. It's pretty hard to miss some of the posts that we're going to be putting up for the Commerce this year. So this is probably the most exciting I've been about this conference since the very first one that we did. All right, hope to see you guys there. Thank you. Hello everybody. Welcome to another episode of the Audit Podcast. I'm your host, Trent Russell. Today on the show we have President and CEO of the iia, Anthony Puyazi. I think most of us probably know Anthony as President CEO of the ia and so a lot of the context that we see him through and get to hear from him is through audit related activities, IA related activities. And so we often ask some kind of, you know, what's in your browsing history or a favorite like prompt for personal use or something like that. And so we did that with Anthony just to again try to get an understanding of like who Anthony is beyond what we all see and dive into that a little bit to kick the show off. And then Anthony's five year anniversary as a President and CEO of the IAA is in March, which we should have already published this one by then or during that time. And so we just kind of have him walk us through the last five years, kind of the highlight reel of what's been going on, things that Anthony and his team have accomplished. And then there's the, so Anthony mentions the Pulse survey, but then there's also the 2026 risk in focus survey as well as the Audit Board report that they did in conjunction with the IAA on AI fraud. So we can link to those. But then also we ask Anthony, like give us a couple of takeaways from those. What, what are the one or two things that we should keep an eye out on, start to look for the trends in those as well. One of the main reasons I had Anthony on was talk about the Global Audit Committee Center. When I saw this announcement, I thought that's fantastic. Let's try to get as many people aware of this as possible. So if you're not familiar with it, keep listening because Anthony talks about it, what it is, who should join, benefits, value add, how does it work, all that kind of good stuff. And if you're thinking Global Audit Committee center, maybe I don't. I can't participate that in some degree, if you listen to Anthony's answer to our questions, you'll realize that all are applicable. Similarly for Vision U. So those aren't familiar with Vision U. I will speak to this one a little bit. It's for new and aspiring caes, and it is very much a legit program. And so I got familiar with it, I think in the past year or two years. So I just want to have Anthony speak to that a little bit, promote it a little bit more. I think having more and better, maybe for lack of better words, better CAES is what's going to help drive the profession forward, help change the perception, which is another thing Anthony talks about. So really looking forward to more people participating in that. And then we kind of close on what the next few years are going to look like. So we start with highlight reel from the past five. What are the next five going to be? What can we look forward to there? And then a question that we often ask guests, and this is the one we close on, is, Anthony, if you could grab every auditor in the world by the shoulders and tell them to do just this one thing, what would that be? So stick around for Anthony's answer to that. With that said, here we go. What's in your Internet browsing history? We all know you as the IA President CEO, but I'm assuming you have a life outside of that. What else is going on in your world?

A

Yeah, it's a big part of my life. But I guess if I were to think what's in my Internet browsing history that I'm going to share there is an awful lot on travel and it's not just because I'm trying to get an airline ticket or something. I get genuinely very interested in where I'm going. Like I was recently in Cape Town and you know, that's the beautiful city. It's one you hear about your whole life. Like it's such a beautiful spot and it was. But I don't really know what to go see. So I needed to research well beyond the work that was part of it. I'll be in New Zealand later this year and I'm actually, that's kind of a bucket list place for me. There's a big national conference being held there. So I've been looking at that one like, what am I going to do on the day or two that I have to myself? But there's a lot of that. I have two twin daughters. They're 15. So I know you have kids. There's a lot on, like, you know, what am I supposed to do in this situation? Or when should they start dating and how should driving begin? How much your allowance is now, because, you know, 10 bucks doesn't seem to go a long way. But a lot of that. Maybe a little more personal. One of my strange hobbies. I'm a big movie buff, and I crosses every genre. And sometimes I find myself going down that rabbit hole of looking at movies and then researching them and figuring out which ones won an award. It runs the gamut from silent films all the way to current. And I can go horror, sci fi, drama, you name it, and it's fun for me. And I'm also somewhat of a history buff, so that can correlate a little bit to the. The travel comment I made earlier. And I guess the last one, just to show I'm not only internal audit, is as a kid, I guess I was a big comic book collector, and it was more DC than Marvel. I always get that question. So I actually find myself peeking at stuff on that because there's so much attention that wasn't there when I was a kid to that topic. You know, it's like, if that had been around as a kid, I'd probably even still be a big collector. But anyway, that's a. That's some of the stuff that's sitting in my browser history. And then the rest, probably internal audit stuff.

B

The Marvel, like, Wikipedia page, I took some deep dives on that when it first came out because I didn't read comics. But, like, there was the X Men cartoon and the Spider man cartoon, and those were Saturday mornings. Like, that was must watch TV for me.

A

Oh, yeah.

B

When I found like. And I realized, like, they would even show, like, family trees of, like, which ones were related to all of them. And so I've. I've taken that dive, too.

A

I did the Saturday morning thing as a kid, too, but I can promise they were probably different. There was. There was Shazam. There was the Incredible Hulk, was a Friday night, actually. Those kind of shows. Watching them now, my kids think those are the worst special effects I've ever seen. I'm like, but when I was a kid, that was really cool. That's more of a YouTube binge, I think, when I start looking at those.

B

Yeah, the. The Incredible Hulk ones were awful.

A

I Know, like. And you look at the ones now, they're just a hundred times better.

B

That was what? Luke? Luke.

A

Yeah.

B

Yeah.

A

And what was the guy? Bill Bixby was the. The David Banner guy.

B

Okay. The. Yeah. The kid advice thing has been pretty interesting to look that up. I mean, even I kind of smiled when he said that because my kid got in trouble at school the other day, and it wasn't anything terrible, but it was like the first one where the teacher was like, we're super surprised. We didn't expect this out of him. And so I had to do a little Reese, because immediately, like, you're just mad, you know, like, what's wrong?

A

Have I done wrong? Yeah.

B

And so, yeah, Chad GP specifically talked me off a ledge and kind of told me what to. How to handle the situation with kids.

A

You have this 10. I have a tendency of, like, it snowballs. Like, it could be something as they refuse to do their chores. And I'm like, oh, my gosh, how are they ever going to hold down a job? How's that ever going to work? And then you're looking. They're like that. That is the most common thing, is to nag teenagers about chores and. And chat. GPT actually gave me an explanation of the development of the brain and why that happens. I'm like, that's great. I feel much better now.

B

Okay. Yeah. We still cannot get him to remember to feed his fish every night. But you're saying that's okay. He's going to be. He's seven. And the fact he's not consistently feeding his fish, he's probably going to be all right.

A

The teenage years are going to be harder, but the chores get more complicated. You know, do the dishes, do your own laundry, stuff like that. You know, you go and you see all the whites mixed with all the colored clothes, and it's on hot. And you're like, oh, no, I told you not to do that. But yeah, it gets a little more complicated as the tasks get more complicated, but it's completely normal. Even like every day.

B

Reminding them is normal parenting advice for all those in the audience listening right now. Yeah. Never really know what's going to come up in these things, so. All right, well, I appreciate that, Anthony. Get a little peek about what you do in your. Your off time, realizing I think we're going to be publishing. So this is February for those that care. And I think we're publishing yours in March, which is going to be. Is that five years for you?

A

Five years. I was hired in December of 20 started March 5th, 6th of 21. So yeah, five years.

B

Five years in. What's the highlight reel over the five years? Also, congrats. Oh, thank you.

A

I mean truly has flown by. It's hard to even think it's been five years. You know the old adage when you're having fun, which is really true I think, you know, if I look back on five years of in literally no particular order, I think, you know, the launch of the new standards was monumental and it was a big chunk of that time and I felt like with my involvement in standard setting in the past with other organizations to, to totally start over and rewrite them and to get that done with 100 and at the time, 115 countries weighing in on it. Getting it done in less than three years was extraordinary speed given it wasn't just updating or an edit, it was a rewrite. But the standards were a big deal. I think the Vision 2035 research was a big chunk of time. We took time to do it. We wanted to make sure we had the right composition of responses including non internal auditors, students, academics, legislators in some cases and regulators. But that was really helpful and it came with a lot of revelations that we found very important like how many second line functions are reporting into internal audit now. You know, we've invested a lot as mentioning to you before we started the discussion here. Growing our network to include more countries is a process. It takes time because we want to make sure it can be self sustaining, but also that it's got the right resources to support members. And, and we always strive to make sure, you know, whether you're a member in Pakistan or a member in the us you're getting at least an equivalent level of service from iia. And sometimes there's assistance we provide, sometimes they're ready to go without us. And we just have to make sure the governance is okay. But that was a big focus, the North American chapters making sure that we were doing things differently. We rely on them so much. They do such a good job. We had to make sure we improve what we did. And we've also grown our principal partner network. And that's an important thing to us, not just because of revenue, but because their voices are so loud in the profession. You know, like the KPMGS and the Protivities and Audit Board where they are out there and we want to be on the same messaging place with them. And growing that network has been very invaluable, particularly when we rolled out the standards and things like the challenge exams and so forth. So that's, that's a few of the things I can think of it. We revised the CIA exam. We've done a lot of reorganizing of the office here, the headquarters, or if I'm not in the us I'll call it global. If I'm in the us I call it our headquarters. But there's been a lot of changes to reflect our strategic plan and making sure that it's aligned in a way that yields results. So, you know, there's been a lot, a lot of it's been, you know, less than fun. Some of it's been amazingly fun. And let's, let's see what the next five plus years will bring.

B

You mentioned the strategic plan and I think and the new standards, I'm going to tie those together because there's the call for strategy within internal audit, which I think is like one of my favorite things I saw in there. I'm like, yes, we need that. And so being the position you're in in the IA and having your hand in the strategy, is there any like high level guidance advice? Just strategy in general, not around Strategy that for CAEs or anyone else that's putting together, like have to put together this strategy for our team or like this tech strategy. Anything along those lines where you could go, hey, here's focus on this. If you get down into the details, that's great. Come back up and here's where the focus should be. Any just guidance in general you could pass along.

A

It actually is reinforced, what I'll say is reinforced by our Pulse study, which hasn't been released yet. So I'll give you a glimpse into it. And we have found that teams, internal audit teams that align their work to what you know, the board of directors, audit committee, management is worried about tends to be teams that get more funding, a lot more funding. And it's also intuitively a better way to demonstrate value. You're looking at things that they're worried about and that hasn't always been the case. We've been some cases, very traditional. You would look at internal controls over financial reporting and that's very important. It will always be probably a part of our profession, what we do. But aligning closer to what boards are worried about is important. And that's some of the reasons our topical requirements are selected the way they are. Like cybersecurity. Every board around the world is worried about that, particularly now with AI, organizational resilience or behavior, third party risks. The pandemic brought that problem home. When you're not ready. But aligning the work an internal audit team does to that is extremely helpful to the team, but also shows value and it leads to not just perception, but the reality of the importance of internal audit and the way it's changing so much. So we have find with evidence that that tends to get more funding for the team, but also elevates the team and gives us a seat at the table. And the more we do that, the more we'll be asked to do other things. So I find that exciting. And our research which will be released next month, we'll, we'll share that as well.

B

Okay. Next month I was going to ask. I don't put your, you know, I don't want to hold you to it, but roughly when people could expect to get that. So we're going to say March it should be.

A

It's, it's funny I just asked that. We said we're hopefully by the beginning of the second week of March. And the only reason is we got to line up, you know, the communications plan and we want to showcase it at gam. So it'll be the first preview there, but that'll be just the audience that's attending. But after GAM it'll be full throttle through websites. I'll post it and it'll be available and we'll make sure we communicate it to everybody. Pulse is North America only, so it's the United States, Canada and the Caribbean. So we'll have those three where we'll push it the hardest. Our global one is called Risk and Focus and that one was released already earlier this year. So right after GAM in this coming month, we'll have it out.

B

Okay. And like I said, I think we're publishing you post gam, so it should be out ish for those usually, I mean we try to link to in the show notes. So if it's out before the show comes out, we'll try to put a link in the show notes now that

A

I've just recorded saying that I'm going to make sure it's out for everybody.

B

Yeah, now you have to.

A

Yeah, I'm pretty sure it will be. Yeah.

B

Okay. Two other kind of surveys and research that's been done. So one, the 2026 risk in focus and then the joint one you guys did with Audit Board, the report on AI fraud. Any takeaways high level from those that you could share or also I think the one from Audit Board is intuitive AI fraud. You know, I think we all get what that one's about. Maybe Start with speaking to what is the risk in focus 1 for 20, 26. That's what we were just talking about.

A

Yeah, risk and focus. I mean it's, we ask 120 countries around the world, we always get thousands and thousands of responses, which gives us a lot of credibility to the report. But generally in both of those reports actually we found that cybersecurity risks related to AI is top of the list. And it creates a lot of opportunity for internal audit as much as it does risk for organizations. But that's a big one. But if I turn to just risk and focus, I think the biggest finding in that, and there were a lot, the one that stood out to me was the fact that geopolitical risk, which is not a far fetched notion, has come way up on the list. It's now in the top five and it was one in the past where we saw in the top 20, maybe toward the bottom. And obviously with what's happening, whether we're talking tariffs or other supply chain issues that are being disrupted or other issues that are being created from a myriad of governments not picking on anyone in particular. But geopolitical risk is very important right now. And internal audits, being asked to pay more attention to that and do scenario planning around it. And what if this, then what are we going to do? So that one was a big one. It jumped 20% in one year. So that's a, that's a huge leap coming right, right after cyber and some like disruptive technology. It's right up there. So that was a big one. And I think if I were to look at the one that we did with Audit Board, it was really that, you know, 85%, I think it's 84, 85% of everyone surveyed saw AI and fraud being extremely high risk. 85% of everyone surveyed and nobody said it was low. Then you got people that were more like it's less of a concern than the ones that said high. But correlate that to the fact that less than 40% of those same people felt prepared to do anything about it. And these are our own members, our internal auditors. So everyone saw the risk, which is important. We could be dealing with a situation where they, they didn't see it as a big deal and it certainly is, but less than half of that number feel ready to do much about it. So we've got to address that through training. And whether it's our training or someone else's, our members just have to get more up to speed on AI risk and fraud. And any of the other issues that come with that. So those are the two, I think the biggest takeaways for me as I look through all that data, I get to see the raw data. So sometimes it's just like, you know, like volumes and we synthesize it into something more manageable. But those who come to top and one of the other things in the Audit Board report that we did jointly is the need for a lot stronger collaboration on things like cyber and AI and that no one team really owns it anymore. We can't say it's internal audit or it's just risk or it's just a compliance team. If you're in Europe, it's a compliance issue as much as anything else. But really it's the need for internal audit to lead all the teams collaboratively to start addressing the problem, to make sure the organizations are properly prepared for it. So anyway, skill sets, collaboration, all very important. Brought to light on that one, should

B

we expect anything from the IIA relative to, let's just call it AI literacy and training? Is that on the agenda item? Is there something concrete? Obviously we're all aware of, yeah.

A

We're issuing a new certificate program around AI fluency and the uniqueness of that is it's hands on. It's not going to be the more abstract training that you and I both have probably been to. Generically you learn whether a large language model is or something like that. But really taking things like our AI auditing framework and showing how to use it versus talking to it and giving real world examples and it ends up with a certificate. The certificate one you can put on your LinkedIn profile or show to your employer. And that's going to be the beginning of a lot. We have found that partnerships are probably the best way to go. We have a lot of members who are very skilled at it, but we also have a lot of organizations that do nothing but AI training. So you're going to see a lot of partnerships in the next few months rolling out to increase our volume of training that we have. Some of it's going to be available for free, some of it's going to be embedded into our conference tracks and some of it will be instructor led training or group training that we'll do in various cities across the country. And definitely we need on demand as well. So that's being developed in a way that's useful. It's not just reading script on a flat file, but really engaging the member a little bit harder when you're doing it on an online course. But the certificate program is probably the next thing you'll see. In fact, that's imminent. Like in the next few, couple weeks we'll have that out. That.

B

Yeah, that's exciting. I think it's something that people obviously need and are looking for because I get that question all the time, like, what training should I take? And I'm just like, pull up the keyboard and start working on it. That's like, you know, start using it and you'll, you'll kind of figure it out. I mean, the other thing is if you don't know, then ask it. Whatever question you don't know and.

A

Absolutely. And you know, parts of the world you're going to need different training. Like Europe has a very comprehensive AI law and eu AI act. And that's a whole different lens. You have to look at things through. I mean, as a consumer, I think that's a great law. As an organization or internal auditor, I know it's a bear to deal with. Yeah, but that's. We'd have to also look at regions. So we're focusing right now on North America because our, our European national institutes are working on the, the ones that fit the EU laws.

B

Something else. And this is what sparked reaching back out that I wanted to have you come talk because there's so many things that I've learned in the past year that the IA offers. And I went, I didn't know that. The only reason I know is because somebody reached out to me to talk about it or I just happened to see it on a post or something like that. And so that's what a few of these I want to talk about. One's the Global Audit Committee center, which is new. Right. So just what is it? Who should join? What's the benefit? How does it work? All that kind of good stuff. Like basically tell us why, for lack of better words, why we should care.

A

When we did the vision research, we found that our biggest, you know, if you want to call it issue was a lack of perception of what we do. And it's good that it wasn't a bad perception. It was simply a lack of meaning. What does an internal audit do? An auditor do? People would say, I don't know versus oh, they're this or that. So the Audit Committee center was designed with the intention of providing valuable resources, practical resources to members of audit committees to understand not just how to use internal audit, of course there's going to be that in it, but how to look at certain risks in a certain way and using things like risk and focus or pulse as the source material, meaning we know what we should prioritize in the audit committee center and making sure that they know how to look at the risk. And of course, you know, utilize your internal audit team to do this and add more resources to help internal audit do these things. But it's a place for audit committee members to go to better understand how to do their roles. And it's for beginners and for those that have been in audit committees for a while because the risks are new to them as well. But it's meant for audit committee members and it's free. It'll be free for the foreseeable future. We may, you know, over time look at things like conferences. There are a lot of organizations like NACD that does training for first year chairs of a board. That would be a great ultimate goal for that. But right now we're working very hard on content. And again, it can't be too internal audit or they won't understand it the way we want. But that content has to be culled very carefully. We have to make sure it's matching the risks that we see and just pointing them in the right direction. So we've actually hired two people full time to do nothing but that. And they're reporting into our evp. That's over advocacy because at the end of the day, making our presence known to stakeholders is an advocacy effort. It's making our value known. So that's the purpose of it. We launched it in January in dc. It was a spectacular event. I don't usually say that lightly, meaning we had members of Congress that showed up and talked about the importance of solid governance. And they were two Democrats, two Republicans, and we did not have to script them very heavily at all. Meaning here's what we want you to talk about. And they ran with it. And it was brilliant. And it really, for all of us present, we had a lot of members present as well as all of our North American board members. It was actually kind of inspirational. You know, that moment of like, we think this is a really good idea. And then after that launch we're like, you know, this is a good idea. We need to invest more and use it as a resource for our profession to be better known by the people that use us or should be using us the most. So that's the general benefit. It's, you know, in many ways we probably should have done this decades ago, but no time like the present. So we're going to get going with that and you know, you can expect to see Cyber materials in IT or resiliency, organizational behavior, third party risk, all the things that we look at. Geopolitical uncertainty. How do we. How do you look at that? What should you think about Scenario planning would be the answer to that, etc. Etc. So it's, it's probably one of the biggest things that we've launched. It'll be resource intensive. But I can tell you a lot of people internally and our governance groups are both our global and North American boards are very excited about it. So the objective is to get the message out of what we do and what we can do for audit committees.

B

That's what I mean. When I saw it doom scrolling on LinkedIn, I got excited about it and went, okay, yep, we need to learn more about this. So who. It's free. Who is eligible? Do you have to show some kind of proof that you're auditing or like, hey, Joe Blow, senior auditor too, if they're interested. Yeah, jump on in here. How does that.

A

We ask people to tell us who they are, but we won't not let you in. If you're not a member of an audit committee, it to me, it. I mean most people. By the way, I do scroll on LinkedIn as well. My kids think I'm the biggest geek for doing that, but I. Sometimes it's hours. But we won't kick you out or we won't decline membership because you're not actively on an audit committee. We hope board members join. We hope management, members of senior management of any organization join. Maybe that's a way for them to look more informed when they talk to audit committees and boards. But it's going to be open to anyone, certainly to our own members to get ideas as well. So it's. The more people that are part of it, we think it's better we get our message out and we get more feedback. So we do like to collect the data, who we're talking to so that we can understand who's visiting and what we need to change or modify or add. But it's open to anybody.

B

Okay, I like that because I was just think. I mean there's a lot of CAEs who are also on audit committees or chair audit committees, but then there's others who I feel like this is going to be good insight for them also and like the relationship they can have with their own Audit committee members and obviously bring those Audit Committee members into the Global Audit Committee Center. But then if they're also in it, then it helps speak the same language, be on the same page. And just generally, in my opinion, become a better chief audit executive. And if we can get, you know, the more people like you're saying, then

A

even better, like a member less of a problem in North America and Europe, but parts of the world. We actually get a question. A lot is, well, what do I tell the audit committee? So they'll use me more. So in that practical way it's sitting right there will be sitting right there for them to use as a place for them to start, you know, like to make the point, to argue the point of including them. Another example of getting a seat at the table.

B

Okay. Similar to the Global Audit Committee Center Vision U is something that popped up on my radar maybe a year and a half, two years ago. And then I think it was actually a GAM. Last year there was a Vision U thing. And so I saw like everybody happened to be poured out of this room when I was walking by and I was like, oh, what are you doing? And they told me, I went, oh, and you're in this and you're in this and you're. And it was just, you know, a lot of good caes, or even one is an aspiring cae. And I went, well, you know, tell me what this, what is it? And then just to know the caliber of people that were coming out of the program made me go, okay, there's something to this. This isn't just like a, it's like a CIE forum and we all get together and talk, which is fantastic. But it seemed like there was significantly more to it and a lot of effort from what I could tell goes into, you know, it's not a check the box like it, you have to be relatively committed to it.

A

Right? I mean it's a four day long immersive training. You get 30 something, 30 hours of CPE out of it. But it's, I think what it's for new or aspiring CAEs, that's the target audience. Not experienced CAEs. And I smile when you mention it because I always have the opportunity, actually the privilege of talking to these folks on various topics, whether it's what we're doing or what, you know, what my leadership journey was like or what they could expect when I was a cae, et cetera. But it's, it's got, you know, interactive case studies. We have leadership scenario planning. The case studies are actually very powerful and we try to make them very real time. We, we bring in a lot of guest speakers to talk about how they manage their career practically. And then technically there's a Lot of networking opportunities as well with, with the members that are, that are showing up for the training. It's been a very big hit. But one of the things that we do to make it really enjoyable is we keep the audience down to a lower level number of people because if it gets too big, you're going to lose that ability to get really interactive. And we bring in literally some of our most experienced members, former chairs of the board, former chairs of some of our senior committees, like Standards board or Certifications board, people that know the field, that know the IIA and can speak to all those things. But we involve a lot of our senior staff as well to go through some of the real world examples and to facilitate. And it's, it's fun in the sense that, you know, you're watching so many eager people that are really career motivated in internal audit and they're all ears, you know, they're really there to learn. And the questions are, they really make you pause. You have to be very reflective in answering things like, you know, what, what did you do on your journey? What was this? Or what was that like? And where did you fail? When was your, what was your biggest failure, your biggest success? And you know, we, we all agreed when we did that, like we're going to be honest, let's be very honest. Let's not make these answers sound like we're sitting in MBA class, but real world. So it's been a hit, it's somewhat new, but we're seeing more and more demand and we're constantly looking at ways to improve it. But I do think the trick is the real case studies and the interactive sessions that really, I don't want to say force, but they really push the participant into being engaged with the session versus sometimes you can be sitting in a room and listening, but not really absorbing. There's a, you really have to with this. And I think that's the secret to the success we've had with it.

B

I think it was the case study or something along those lines that one of them shared with me to get my thoughts. And that's where I went, yeah, this is, this is good. This isn't just your kind of run of the mill, let's all get together and hang out kind of thing. So, okay, so we have audit committee members covered, maybe even aspiring audit committee members covered new or aspiring caes where can. Because you said new or aspiring. So my note says old CAE support question mark. So old is a bad way to put it. But like caes that have been In IT for a while. What resources do you have for, for those folks?

A

Biggest two are gam. GAM is, you know, we, when we rebranded it to it used to be General Audit Management and then now it's great audit minds. It, it was meant for, it's really meant for exposure, experienced practitioners, people that have a baseline of knowledge. Like we're not there to teach what we did in the last couple years because the standards were new. But they're not there to learn the basics. They're learned more as you know, we go more advanced and the concepts and the classes. So it really is designed with, for people with experience. Not that if you don't have a lot, you won't get a lot out of it. But we design it with that in mind. And our international conference is exactly the same. We just bring some of the same topics but, but we add a lot more to it because it's a longer venue than GAM and a much bigger venue as well. We typically see 3 to 4,000 people show up for our international conference, but those are our two big ones. And another thing that we're doing now is we're putting our courses and all of our competency and learning tools into beginner intermediate advanced levels so that people know if they take this course, it's designed for them at the level they're at versus a one size fits all. Which you know, can be frustrating unless it's a brand new topic and no one knows about it. Like, you know, some of our AI courses at the very beginning were baseline because it's all that was available. But we try to do a lot more by gearing our courses toward advanced levels for those people.

B

So we got the five year recap. What is the next, call it three to five years. What can we expect to see? And I'll kind of leave the microphone with you here and you can, you can kind of take us out.

A

Take us out on. Well, you know, I think you're going to hear continuing messaging from the IIA on the focus needing to be on adaptability and agility of internal audit teams. And again, I always say, you know, internal controls over financial reporting is always part of our profession. I know, I know a lot of internal audit teams that don't do it anymore. But that's a decision their organizations have made. But that focus is because of the changing nature of what we're being asked to look at. So you're going to see more on geopolitical risk and cyber and you know, disruptive technology, workforce talent issues, all that's going to be a big focus for us and that messaging will be consistent and you know that's it's important. You're also going to see a lot in beginning of the next few, beginning of the second quarter of the year, a lot more on enterprise risk management. One of the surprising things that came out of the Vision 2035 research is I mentioned earlier how many second line functions are reported reporting into, into internal audit. That one was particularly interesting to us because we, we sort of knew fraud and compliance were already doing that. Risk was a bit new and a new trend and it's growing and it's global. It's not a uniqueness to North America or Europe or it's everywhere. So we need to start preparing members for that. If it's an opportunity or if it's handed to them is what do they do with it. So developing those tools are very important. We, we've designated a committee and that's important in our vernacular. Committees freestanding, meaning it doesn't go away unless it's been purposely dissolved. Like task forces and so forth have finite lives. But this committee is I consider a bit of a powerhouse. We've got some of the best minds in the profession that do this, you know, internal audit with risk reporting to them. So you're going to hear a lot about that coming out of the IIA Again I'm really excited about it and you know, just answering this top of mind, I always say to you, I'm going to remember what I should have said when I get off this call. But I think focusing on the talent pipeline and students are a huge part of that. And you've seen some of the changes I hope that we've made. The Academic alliance program is now up to 150 schools. We added 30 really quickly once we changed how schools could enter. But building that so that we have a really steady workforce ready to do internal audit work is important. But we also need to focus just as much on those that do mid career changes like me. I was an external auditor for most of my beginning of my career, eight years and then I switched. So that happened very organically and randomly for me. And I think that's generally the story that people say is I didn't know that was going to happen. It happened, it was an opportunity and I took, took advantage of it. So we need to find a path for those people and we're going to have a lot of resources to do that.

B

If you could grab every auditor by the shoulders and just shake them and say will you, please, all of you, just do this one thing. What would that be?

A

Oh, that's easy. Be your own best advocate. I, I sometimes I mentioned earlier, I get that question of, like, well, you know, like, when we designed the standards, we got a lot of. It was healthy pushback, constructive pushback.

B

Yeah.

A

I don't get time with my audit committee. Like, so how am I supposed to get them to approve my audit plan? And literally, I would ask, you know, did you ask for their time? And I would get more often than you can imagine. Well, no. Like, they should be asking me. I'm like, well, I mean, if they don't know what you do, you're probably not going to have that opportunity. So sometimes being your own best advocate is extremely important. I don't want to say being our own cheerleader, but in many ways that's what it's like because we are valuable. And when I go back to that vision research and we see that perception is our biggest problem. But, you know, be your own best advocate. Be your cheerleader for your team or for yourself. Show what we can do. Nobody, nobody, I say this in front of students, knows an organization like an internal auditor. We have such a unique vantage point. Even external auditors, they see us once a year as an organization, and they see many. But internal audit sees stem to stern. They know what every management team is like within the organization. They know what leadership's like. They know what culture's like. They know when things are not going right, even if they can't quite pinpoint the reasons. And we have to make sure that's known. And that happening right from the source is probably so important. So I'd probably say, you know, tell everybody what you're doing. Be your advocate, be your own advocate, and that for your team. So that would be the first thing that pops into my mind. I don't know if that's what you were expecting, but I always wonder that, like, get out there and tell people. I mean, the worst you're going to get is a no. And hopefully you don't get that. And then maybe tell them to go, well, go look at the audit committee resource center. And that'll help, you know, change their opinions as well. But that would be my answer to that. Hey, everyone, thank you very much for

B

listening to this episode of the audit podcast. Whatever platform you're listening on right now, I'm sure there's a subscribe button somewhere, so please hit the subscribe button there. If you're listening through itunes or Spotify, feel free to go give us that five star rating. It only took me about 16 seconds to give myself a five star review and it really helps to get future guests to come on the show, so

A

we'd really appreciate that.

B

Lastly, be sure to check out the show notes and follow us on all our social media channels, on Instagram, on LinkedIn, and on TikTok. Also, if interested, please sign up for our weekly newsletter from the Audit Podcast. Thank you all. Have a great one.