For decades, the workings of internal audit were little known and poorly understood by the public and the profession's "first cousins," the public accountants. In those days, aside from the pressure to reduce costs and perform some sensitive investigation, there wasn't much attention and appreciation for the function. Indeed, in many companies, internal audit was viewed as a necessary evil. Audit committees relied on it a bit, and management viewed it more as a service to fulfill corporate objectives.

Today, the role of internal audit has taken astounding prominence, and is now being scrutinized by the media, regulators, shareholders and management. Internal auditors are pushing themselves to the limits, dealing with new notoriety, facing new risks and responding to new expectations.

The credit (or blame, depending on one's point of view) for this metamorphosis lies in part with developments in the financial reporting arena. The watershed moment may have been when one internal auditor blew the whistle on her company's accounting misdeeds. For this act of courage and integrity, she was named one of Time magazine's persons of the year for 2002. Her actions and related events led to The Sarbanes-Oxley Act of 2002 and the push for improved corporate governance and stronger internal control.

Change is the Norm

As a result, internal audit is undergoing a period of unprecedented transformation. Relationships with the audit committee, management and the external auditors have all changed. Expectations have changed. Regulations and oversight have changed. In reality, everything has changed.

Perhaps the most profound alteration has come in the relationship between internal audit and the external auditors. In an ideal world, there would be close cooperation between the two functions. Internal audit and external auditors would be complementary in their activities. They would collaborate to maximize the coverage and extent of the audit procedures, and they would try to minimize inefficiencies and redundancies.

Unfortunately, post-Sarbanes-Oxley, things aren't as simple as they once were. There are concerns about independence, and worries about checks and balances. As a result, the extent of collaboration and cooperation between internal and external audit may be strained.

Shared Goals

The challenge, then, is to find the proper balance: to maximize the synergies while maintaining proper boundaries. How can this be accomplished? Here are a few recommendations:

1. Recognize that internal audit and the external auditors have much in common. For example, the competencies are virtually identical. Both groups operate under a similar code of ethics. They are expected: to have integrity and objectivity; to maintain confidentiality; and to demonstrate professionalism in their work. And, most importantly, both parties share the goal of reliable financial reporting.
2. Acknowledge the elevated importance of internal audit. Historically, though few will openly admit this bias, external auditors have viewed the internal audit function as something of a "second-class citizen." This needs to change. Increasingly, the activities of internal audit have become critical components of effective internal control and reliable financial reporting. Today, internal audit really is - and should be - a full partner in the process. The New York Stock Exchange acknowledged as much when it started requiring all listed companies to have an internal audit function.
3. Recalibrate the relationship. In the past, external auditors have considered the CFO to be the guardian, the primary point of contact and the main relationship within the client company. Today, with increased demand for oversight that audit committees are asked to provide to external auditors, internal auditors play a role that is just as significant as that traditionally played by the CFO. This is not to say the external auditors should cut off all contact with the CFO; rather, the relationship should be expanded to include internal audit and other risk management functions.
4. Encourage collaboration between internal and external audit. Internal and external auditors should work together to provide maximum audit coverage. Although there are new Sarbanes-Oxley-imposed limits on the relationship, there is still plenty of room for collaboration. For example, thanks to Sarbanes-Oxley, the tension over outsourcing the internal audit role by the external auditors is no longer a threat - a condition that should promote greater cooperation.
5. Leverage the work of internal audit. When performing Sarbanes-Oxley section 404 work, external auditors should utilize and rely upon the control testing work of internal audit to the maximum extent allowable. Doing so can both streamline the project and minimize the fee burden on the client.

It's been an unprecedented time for internal audit. The function has been thrust into the forefront of some of the most important business trends in the last 50 years - the need to bring greater accountability and higher ethics to business; the need to restore investor confidence in the markets; and the need to make good governance a business objective that is every bit as important as competitiveness and profitability.

Internal audit, in some quarters, may have been viewed inside the company as similar to the-late Rodney Dangerfield - it never got any respect. That clearly is no longer the case. The importance of internal audit is becoming appreciated in the boardroom and in the newsroom, by investors, analysts and regulators. That is, indeed, very good news for American business. And good news, too, for the profession.

ROBERT ANTOINE is a partner specializing in risk management and internal audit services at Deloitte & Touche LLP. He can be reached at rantoine@deloitte.com or 904.332.6564.