We are pleased to announce that Ross Tilly has taken on the role of President, following the completion of Stephen Tiley’s two-year term. Additionally, Sue Ironside, General Manager Internal Audit, Rio Tinto, and Judith Charlton, General Manager Internal Audit, Latitude Financial Services have jointly taken on the role of Vice-President.
Ross is Head of Audit, Reserve Bank of Australia. He has had many years’ experience at a ‘Big Four’ professional services firm, leading a high calibre and increasingly diverse team delivering an array of GRC services. Ross joined IIA in 1994 and passed his CIA exams in 1995. He was appointed to the Board in May 2020. He was also Chair of the IIA-Australia Audit and Risk Committee from May 2021 to May 2023 after becoming a member of that committee in 2020.
We sat down with Ross to ask him about his views on the current and future state of internal audit.
What are the most significant changes you have seen in internal audit since you started in the industry?
The substantial move away from just being an adjunct to external audit. Risk was still nascent back then; Australia played a key role in Risk’s development. Internal Audit is now very much a profession in its own right covering such a wide spectrum of risks and can deliver a varied and rich career not just be a steppingstone to some line role. From limited Board visibility 20 years ago to now providing key input into the Audit and Risk Committee’s deliberations. Also, this period has seen development of the Three Lines Model, which provides a useful model to explain risk and control responsibilities across an organisation.
There is also an incredible array of disciplines and degrees people have coming into the profession. This includes data scientists, project managers, engineers and now increasingly organisational psychologists, as culture and behaviour becomes more important.
What do you think are the biggest challenges internal auditors face today? And for the coming five years?
Front and centre is generative AI. I have no concern about our role, as internal audit is first and foremost a people-focused profession. But work practices and how we develop and facilitate what we do will change dramatically. I don’t know the timeline, but this change will be fast.
The other is the current bifurcation between business/operations auditors and IT auditors, which needs to be a thing of the past. Everyone now needs to be an IT auditor, plus you need to understand the business. Alongside this is the massive accumulation of data. This is exponential and a real opportunity for us. We need to ensure we can cleanse, wrangle, analyse and visualise that data in a way that makes it meaningful for our organisations or clients.
As it has always been and remains important to any successful internal audit function is its team’s interpersonal skills. By having a good understanding of people, we can better understand the risks present in an organisation. Good stakeholder relationships remain critical as internal auditors will achieve little unless they have the relationships within their organisation to effect change.
What do you think is the most important trait of an excellent internal auditor?
Again, it’s about having incredibly strong relationship skills and being able to hold meaningful conversations with senior people. Few of us will be domain experts in every area in our remit, so we need to be curious and brave, and exhibit an ability to synthesise and articulate insights gleaned from one’s work so as to make it accessible to management and the board.
It’s also an ability to embrace change. For example, the new Global Internal Audit Standards will be a reset for all internal auditors, and if the implementation timeline is as per the exposure draft, we will all need to get on board pretty fast.
What will you aim to achieve during your time as President of IIA-Australia?
I have been on the Board for four years. In that time, we have started several initiatives and it will be important we finalise these.
For instance, launching our new GRC platform is one of our strategic focuses for the coming year. Our members often move in and out of audit and risk roles, so to be able to work with them throughout the many stages of their career will be a positive for all of us.
A key focus for me over these next few years is targeting internal audit practitioners at the big corporates and the professional service firms, through the development of bespoke training and technical solutions. This will allow us to continue the great services to our current members, while also ensuring we are accessible to the rest of the profession, who may not currently be members. The Board is passionate about this initiative.
I am also looking forward to seeing the launch of the new member interface and website. Work on this has been proceeding for quite a few months now. This will be a completely changed, far richer user experience.
Lastly, there is a fairly sweeping change agenda at the Global level for The IIA. We need to ensure Australia has a seat at the table to influence change but also leverage the work being done at that level to the benefit of Australian members. We are well placed. Sally-Anne Pitt will soon be the first Australian to chair The IIA in 20 years. Tania Stegemann, another Australian on the Global Board, leads the major uplift in professional standards currently underway. This is very positive for our future, however IIA-Australia needs to ensure we are fully engaged.