A brief request: if you use Gmail, please move this email to your Primary folder.
And you can now listen on Apple Podcasts, Spotify and YouTube
Welcome to AccelPro Audit, where we provide expert interviews and coaching to accelerate your professional development. This interview is part of our AccelPro Career Tools series, where we focus on the trends, topics and advice most useful to managing your career. Today we’re featuring a conversation with Richard Chambers, CEO of Richard F. Chambers and Associates and AuditBoard’s Senior Internal Audit Advisor.
Audit as a profession is only around 100 years old. Chambers has been around the space for nearly half of that time. Starting out as an internal auditor in the private sector, he later moved to government roles, rising to become the Director of Internal Review for the Army, Deputy Inspector General of the U.S. Postal Service and Director General of the Tennessee Valley Authority. Chambers closed out his career with a long stint leading The Institute of Internal Auditors. He’s now a private consultant and the Senior Internal Audit Advisor for AuditBoard.
Through these roles, Chambers has had an inside view of the evolution of the audit profession. In this interview he outlines new paths both into and out of internal audit, why young auditors should ignore much of the common career advice they’re given and the all-important role of trust in doing quality work as an auditor.
Listen on Apple Podcasts, Spotify and YouTube
Interview References:
Richard Chambers’ LinkedIn profile and AuditBoard announcement.
6:11 | Chambers, Richard. (2023, June 11). The Big Myth: Only Accountants Make Good Internal Auditors. Audit Beacon.
9:46 | Chambers, Richard. (2023, January 18). Internal Auditing: Career Path or Steppingstone?. Audit Beacon.
13:23 | The Institute of Internal Auditors.
14:44 | Chambers, Richard. (2016, October 31). Whistleblowers Need Protection – Not Cash!. Audit Beacon.
18:32 | KIng IV Report on Corporate Governance for South Africa. (2016). KIng IV Report on Corporate Governance for South.
18:36 | Cadbury Code: The Financial Aspects of Corporate Governance. (1992). United Kingdom Committee on the Financial Aspects of Corporate Governance.
19:52 | Chambers, Richard. (2017). Trusted Advisors: Key Attributes of Outstanding Internal Auditors. Internal Audit Foundation.
TRANSCRIPT
I. A FRONT SEAT TO INTERNAL AUDIT’S EVOLUTION
Jessica Stillman, Host: You've had such a long and varied career in audit. I really want to dig into what you've learned over the years. Can you give us a quick thumbnail sketch of your career?
Richard Chambers: Well I'm coming up on 50 years, but I'll try to make it brief. I never really set out to be an internal auditor. I was finishing up my undergraduate accounting degree and I wanted to work on my MBA at the same university, so I knew I needed a day job because my parents weren't going to cover the cost of the MBA.
I looked around close to the university to find a job where I could use my accounting degree, but would allow me to navigate over to classes in the evening. There was a bank across the street from the university that had an internal audit department, and I took a job with them. I spent about a year doing that, and then I moved over to the federal government with the Department of Defense.
I was a civilian internal auditor there. I worked my way all the way up from what we called auditor intern. It was really associate level work all the way up to being the Director of Internal Review for the Army; I was based at the Pentagon. It took the better part of 20 years to get through that part of the journey.
I finally grew weary of the Defense Department. I wanted to try something new, so I moved over to the US Postal Service, still within the US Government, and there I became the Deputy Inspector General. We were building that function out, with a lot of growth in a very short period of time, and I learned a lot.
It was a terrific period, but I then got tapped to become the Inspector General of the Tennessee Valley Authority, which is another U.S. government-owned corporation. I was the IG down at TVA in Knoxville, Tennessee when the appointment provision was changed in the law, so that the president was now going to appoint the IG rather than the board at TVA.
I saw that as a great opportunity to take an early retirement and go on to the next phase of my career. I left government at that point. I was only 47, I think, and so I knew I still had plenty of years ahead. I went to the IIA down in Orlando, the Institute of Internal Auditors, as essentially the Chief Operations Officer. I ran the training and the certifications. I stayed active there for about three years, but then I got the itch to do something that I'd always really longed to do, work in the accounting field more formally. So, I moved over to PwC. Most people join the big firms when they're 21 coming right out of college. I waited till I was 50 to put my backpack on and go to work for the Big Four. I spent the better part of five years at PwC. I was their national practice leader for internal audit advisory service.
Then I got asked by the IAA board of directors to come back and be the president and CEO of the IAA Global. I did that in early 2009, in the depths of the recession, and little did I expect to stay there as long as I did. I was there in that role for a little over 12 years, and finally the pandemic came along. I began to think I wanted to do something different for the final chapter in my career.
I stepped down from my role at the IIA, but I've been busier than ever for these last two years. I am the Senior Internal Audit Advisor for AuditBoard, which is a fast growing tech company. I have my own company, my own training academy. I'm out there training auditors from Dubai to Rome. I'm also the overseas dean of China's Nanjing Audit University. I'm the chairman of the UNICEF Audit Advisory Committee. And I'm also on the board of a company in the UK. So that's a thumbnail, but it's a long thumb.
JS: I think you did great given how much ground you had to cover. That's such a broad, long career, and I'm sure the essential role of internal audit has stayed fairly constant: fraud prevention, ethics assurance. Can you talk a little bit about the most noticeable things that you've seen change in the space over time?
RC: I think the internal audit profession has changed fairly dramatically. If you think about it, this is a profession that's still relatively young. The roots of modern internal audit only go back about a hundred years, which if you compare it to the other great professions in the world, makes it a real infant. I was thinking about this the other day. If the profession goes back a hundred years, I've been in it almost 50. I've had a chance to see this profession through almost half of its evolution.
If I think about what internal audit was like when I first came into it all the way back in the late 1970s, it was still very much a function focused on controls in many organizations, primarily financial controls. It was still more of a hindsight kind of function, looking at what happened last year, last week, last month.
What I see today is a function that's very much diversified. First of all, if we look worldwide, only about 20 to 25% of internal audit effort is spent looking at financial related issues. It's really diversified to look at the full portfolio of risks and organizations.
Then if we look at where we focus, we're looking as much around us and ahead of us as we are behind us. Hindsight will always be of some value, but insight, looking around, and foresight, looking ahead, are far more valuable in how we serve our organizations.
—
II. NEW PATHS INTO (AND OUT OF) INTERNAL AUDIT
JS: I know you've written recently about how you don't necessarily need to be an accountant to get into internal audit and how the field might look to attract a broader range of talent. Can you talk about what skill sets are needed now to succeed in internal audit, and what other fields besides accounting can provide a good stepping stone into audit?
RC: Well, certainly when I think about internal audit and I think about where the focus is in the 2020s, it's a profession that aligns with the full portfolio of risks of an organization. If you think about what are all the risks that an organization can face, there are myriad risks. Everything from financial, to operational, to technology risks—reputational risks. All these risks are out there facing organizations every day, and we seem to be now in the era of perma-crisis, so that a new risk is going to emerge virtually overnight.
You need the skills, if you want to be risk-centric as we do in internal audit, collectively within the internal audit department to address any of those risks. This means that if all you have are accountants, you're only going to be able to look at the financial risks. That's why you need other skills in the organization to be able to follow whatever risks may come your way.
If we think about what other disciplines, I hear a lot of chief audit executives tell me that engineers bring great skills. Some of their critical thinking skills that they're taught through their academic studies and in the workplace are excellent skills for internal audit. And then there’s the soft skills, great communicators - we're looking for a full complement of skills. Ideally, we'd like to think we could get all these skills in every internal auditor, but sometimes you need to be specialized in helping your organization to address certain areas.
JS: How's the audit profession doing in attracting non-accountants to the profession? What does the audit profession need to do to attract those folks?
RC: I think we really are our own worst enemy because too many internal audit functions are in the hands of what I consider to be more traditionalists, people who bring in a strong accounting background. Maybe they were partner in a big firm or they've got a long lineage in their career, dating back into external audit. Sometimes it's difficult for these folks to truly appreciate the value of a diversity of skills in particular. And the matter is not helped, in many cases, because you've got audit committees who are also made up of, by and large, people who come from an accounting background, many of them from Big Four or public accounting firms.
There's really not a lot of diversity of thought out there about what kind of skills we need to bring in. I don't think it's that we can't attract people from other professions; it's that we haven't been trying. The real challenge for internal audit going forward is that we need to be willing to reimagine the complement of skills that it takes to do the work that we have to do.
JS: We've talked about different professions moving into audit, but I also want to talk a little bit about people from audit moving into other professions. Do you think audit can be a stepping stone into other fields, and what might those be?
RC: Absolutely. I've written articles where I talked about, ‘Is internal audit a career path or a career stepping step?’ I think for some people like me the idea of spending a long period of time, maybe even a career, in internal audit is appealing, but for others, there's a desire to leverage the knowledge that you get from internal audit and then figure out, where is it that I most enjoy working in the organization? Because as an internal auditor in many audit departments, you're going to get a chance. Maybe you're auditing in the financial area one month, then you may be doing a technology-related audit; the next, maybe you're doing an audit of HR or you're doing an audit of procurement. You have a chance over time to, number one, build relationships in all those areas so that they know who you are, but more importantly, you have a chance to decide, is this an area that I get a lot of energy from? Is this an area where I'd like to learn more and dive deeper?
I often encourage, particularly young professionals, to consider a career in internal audit because it allows you to climb up that ladder and take a 360 view of the organization and decide, where is it that I would like to land? I think internal auditors have the opportunity to go into the business, and then, quite often a company will structure internal audit so that there's no expectation that you're going to come and homestead. You'll come and you'll spend three to five years, learn the business, and then you'll go somewhere else in the company to help out.
—
III. CHOOSING BETWEEN INTERNAL AND EXTERNAL AUDIT
JS: So you've had government experience, Big Four experience, experience in a large professional organization and as an individual consultant…
RC: And now with a tech company.
JS: And a tech company. So really the fullest of ranges. Can you talk, if you were speaking to someone who's a younger auditor who's just starting out, about these different paths and what pros and cons they might offer in terms of advancing your career?
RC: My single piece of advice I give to young professionals is to write your own story. There are too many people out there who try and convince a young professional you have to do things in a certain sequence. You have to follow a certain path to get to some point of success.
I always bucked that. I came out of college and everybody said, ‘Oh, you need to go into public accounting because you've got an accounting degree. You've got to become a CPA.’ I didn't want to do that. I wasn't really that fond of accounting, even though I got my degree in it. I was looking around to see what else was out there, so at the ripe old age of 21 I picked up my briefcase and I went off to work in an internal audit department. But then I wasn't precluded from doing the other things, so that's why I said earlier when I turned 50, I put on a backpack and went to the Big Four.
JS: You're not a traditionalist who says, ‘Big Four first because you get more training.’
RC: I'm living proof that you don't have to follow the script. I try to encourage others to take that kind of free-spirited approach to how you plan, organize and pursue your career. I've got 48 years now in the profession and I have no regrets because I was always moved to pursue things for which I had a passion, for which I could get excited. That's my advice: don't be constrained. Don’t let someone else tell you what your story has to look like.
JS: I want to talk about the IIA, which you led for 12 years. Can you talk to me about the role of the Institute of Internal Auditors? Is it to advocate for the profession or the professional?
RC: The IIA has been around for almost the entire history of the profession, and if I look at what their tagline is, they are the voice of the internal audit profession. They are the principal educator, the trainer, the certifying body and the standard setter. The IIA really does help this profession achieve its potential, but I also believe that the profession is far more than the IIA. I think there may be two million internal auditors in the world, and only about a 10th of those belong to the IIA.
We need to recognize that the internal audit profession needs the IIA. But it can't be fully dependent upon it to be successful. I encourage internal auditors to pursue credentials across the spectrum. Go get your certified fraud examiner. Go get your IT credentials from ISACA. It's important, I think, for us to be fully equipped to take on the important mission of internal audit. And I'll never take anything away from the part that the IIA has played in that.
—
IV. ON WHISTLEBLOWERS, BOARDS AND TRUST
JS: I know you’ve spoken and written about the need for whistleblower protections. What are your thoughts on how to better protect whistleblowers? How can we encourage auditors to speak out when they do see problems arise?
RC: Unfortunately, that starts in many cases with the culture of the organization they work in. Too many internal auditors are confined by a culture that doesn't encourage speaking up, doesn't encourage accountability. That makes it very stifling if you're an internal auditor, because so much of the value we bring is being able to articulate issues to provide assurance, or if we can't provide assurance, to provide you with insight and recommendations as to how you can improve things. But some cultures don't value that, and we've seen plenty of examples of that over the years where the culture will be in the hands of people who don't want to hear bad news, who don't want to be criticized, who don't want anyone out there pointing out inefficiencies. I do believe that internal auditors need protection.
I'm not a big fan of government regulatory whistleblower protection for internal auditors because I think it will tend to have a little bit of a chilling effect. If there's a perception that somehow we are an arm of government or that we are operating under the sanctioned protection of government, I think it could make it more difficult for us to do our work. I do think that there ought to be greater accountability on the part of boards. A lot of the issues begin and end with boards of directors, and I think that's where internal auditors should be able to turn for protection.
Unfortunately, a lot of boards seem to be in the hands of management and unwilling to challenge management if there's a dispute between management and the internal auditor, and that's really unfortunate.
JS: Are there steps, in terms of policies or who makes up those boards, that you'd point to that could start to ameliorate those problems with boards being less open, shall we say, to bad news?
RC: Part of my concern is that we really don't have in this country a corporate governance code that specifies what good corporate governance principles look like. All too often, I feel like boards and board members work at the behest of management.
Look at it this way: board members at a lot of companies either picked the CEO or the CEO picked them. I don't think it gives the kind of arm's-length relationship that many companies need to have, and that's why boards in a lot of cases are blinded, perhaps by charismatic CEOs, individuals who they feel somewhat beholden to, or maybe they had a vested interest in because they brought them into the role.
As a result, people just have their blinders on until there are real problems. This is particularly true when it comes to culture, and so I think that's what we've really got to get past in this country. I think boards have got to become more skeptical. I think in some ways there's too much civility in the boardroom. No one's willing to challenge each other, and sometimes you need to be able to do that.
JS: You spoke specifically about the US. Are there other countries or other areas of the world that you would point to that have a better way of doing things in regards to the board that we might look to and be like, ‘Let's try that out.’
RC: I'm going to say right off that corporate governance struggles worldwide, but there are some countries where there are corporate governance codes that at least paint a better lane on the highway about what the board's responsibilities and roles are.
There's the King Report out of South Africa; there’s the Cadbury Report out of the UK, which is in the process of being updated even as we speak. There are corporate governance codes in other countries, but I would tell you that even in those countries, you've had corporate governance scandals in recent years.
I think board members just have to take their responsibility so much more seriously and be real champions for the shareholders. They're there to represent the shareholders. I don't always feel like that's what we see. Everyone always asks when there's a big calamity, ‘Where was management? Where were the internal auditors?’ I always ask, ‘Where was the board? Why didn't they see this coming? Why didn't they have their fingers on the pulse of what was happening?’ They're often like a deer in the headlights after something happens.
JS: Are there any other lessons or advice that you would give to someone who's in the audit profession we haven't talked about in this conversation that you think is useful or important to get out there?
RC: I think about, what are the skills that you really need to cultivate to truly be an outstanding internal auditor? That's the subject of my book, Trusted Advisors. In that book we explore, what are the characteristics of the very best? We're talking about things like being ethically resilient. You don't only have to be honest and courageous, but you have to be willing to fend off all of the temptations and all of the interference that may come your way to do the job.
You’ve got to be results focused, and results focused doesn't just mean that I'm counting the number of audits I do. It means that you need to focus on completing audits that really have an impact in your organization and that you can point to and say that made a big difference. About being a great communicator and having strong communication skills in every facet. Not just that you can write well, but also that you can listen and you can read the room and that you understand what's happening around you.
Of course, critical thinking is often the number one recruited skill for internal audit. It's that ability to take data, take facts and put together what happened there. What's the root cause of this situation? It's about being intellectually curious, never losing that intellectual curiosity that we have as children about asking why and what and why not. You've got to be able to do that as an internal auditor. And, of course, it's about maintaining good relationships, and it's about the technical skills—making sure you know your business and you have a lot of deep expertise, because you can have all the soft skills in the world but if you don't have the expertise, you're not going to get that proverbial seat at the table.
JS: We didn't talk about your book, and perhaps we should get into that a bit more. Can you talk about what steps auditors should take to build that relationship as a trusted advisor? You talked about ethics and communication skills. Is there anything else that you would say to build that trust?
RC: You hit on the key word trust, because relationships really have to be rooted in trust. As internal auditors from almost the first day we’re on the job, we're taught about how to determine if we can trust someone else. ‘How do I know if someone's lying to me? How do I know if the documents they gave me are real? How do I know they're not stealing?’
Trust has always been taught to us as a one-way street. But the fact is they need to trust us as well. What do we do to earn that trust? They need to believe that we're not biased, that we are objective when we take on our role; that we're competent; that we have the organization's best interest at heart.
It goes back to being able to be a proficient practitioner, someone who they believe understands what they're doing and that they're motivated to believe in the advice and even the foresight that that person's offering them.
Building trusting relationships won't always be easy. You're inevitably going to end up issuing an audit report that somebody who trusted you is not going to like. And the real test about whether you've built a trusting relationship is whether that relationship can withstand the disappointment that may come from an audit that they didn't want to hear.
This AccelPro audio transcript has been edited and organized for clarity. This interview was recorded on June 29, 2023.
Listen on Apple Podcasts, Spotify and YouTube
AccelPro’s expert interviews and coaching accelerate your professional development. Our mission is to improve your day-to-day job performance and make your career goals achievable.
Send your comments and career questions to questions@joinaccelpro.com. You can also call us at 614-642-2235.
If your colleagues in any sector of the audit field might be interested, please let them know about AccelPro. As our community grows, it grows more useful for its members.