Learning from events and black swans

The words I told you so hold no pleasure for internal auditors. They are a sign that it is too late to save a reputation, a project…an organisation.  Audit leaders strive to be ahead of the curve, to provide assurance that matters, is relevant and is heard.

Internal audit positions itself as the board’s trusted advisor. Official post-event investigations take many years while the real-world needs answers and assurances today. Audit leaders must be unwavering at all times, not just when the spotlight is on, in providing assurance that addresses the root cause of issues not just the symptoms that manifest. This means thinking outside of the box, challenging assumptions and questioning what will be next.

Following a litany of corporate scandals, extreme weather events and tragic accidents, audit leaders may wonder if their audit plan is right or if their organisation has identified all its critical risks. Then again, some things may only become visible with the lens of hindsight. Such unforeseen events are known as ‘black swans.’

Was the 2020 coronavirus pandemic a black swan or was it a crisis management event that organisations, including governments, should have been prepared for? Regardless of how we might classify it, the initial impact will undoubtedly be higher than any risk register estimates with global economic recession, massive sovereign debt, high unemployment, and organisational failures across multiple sectors.

In this thought leadership article we look at the priorities of internal audit against the backdrop of the black swan concept and offer insights into two high profile events through that lens – the 9/11 terrorist attacks and the 2008 financial crisis.

Clear priorities

Internal audit is clear on its purpose. To provide independent assurance that an organisation's risk management, governance and internal control processes are operating effectively.

Achieving this in a…