Sue Ironside was welcomed as Co-Vice President of IIA-Australia at our recent AGM. Sue was most recently General Manager Internal Audit Rio Tinto. She has a strong background in audit and assurance, compliance and risk, finance, business partnering and transformation with broad experience gained in local and international organisations in the mining, telecommunications, energy, manufacturing and retail sectors. She is the Board liaison with the Western Australia Chapter Council and Chair of the IIA-Australia Advocacy Working Group.
What are the most significant changes you have seen in internal audit since you started in the industry?
A key driver of change has been the significant increase in data and new technologies in businesses and having that available for internal audit use has created both risks and opportunities. New technology (Cloud and AI for example) brings new risks for internal audit to cover, and this requires internal audit teams to have the specific skills and capability to audit these risks. This has created fantastic opportunities for attracting other disciplines, such as data engineers/scientists, into internal audit.
Having access to a greater range of data and technology is also allowing auditors to embrace data analytics and AI to drive efficiencies across the internal audit lifecycle, but it comes with its challenges, such as, being clear on which data and technology to use and when; managing data within complex data privacy requirements; and quality and hygiene of the available data sets.
What do you think are the biggest challenges internal audits face today? And for the coming five years?
The changes in societal implications and expectations have grown exponentially particularly in light of recent high-profile incidences. There is a higher level of expectation on businesses to do not just what they are legally obliged or allowed to do, but to also fulfil the societal expectations of our stakeholders to do what is right. There is the expectation that internal auditors also apply a similar lens, which requires a change in mindset from the traditional way of auditing and could put internal auditors into challenging and complex situations.
There is also an increasing expectation that auditors provide views on the culture and behaviours observed and this requires internal auditors to have the courage to have those conversations with boards and management. The key challenge here is ensuring those views are backed up by evidence and are not just based on perceptions and biases.
What do you think is the most important trait of an excellent internal auditor?
I think it’s simply about people and interpersonal skills. I have always said auditing is 90% people skills and 10% audit skills. Having the ability to communicate and interact effectively with people across all levels in the business, opens doors for you and enables you to obtain the support, information, insights and business knowledge you need to effectively do your job.
What benefits do you derive from your IIA-Australia membership?
The high-quality training, webinars, and conferences are a great way for me to keep abreast of new and emerging matters affecting the profession and to hear from people who are specialists in their field. Attending face to face events such as SOPAC is always a valuable opportunity to network with peers and to discuss issues, ask questions and bounce ideas with members from diverse backgrounds and experience.
What is the most valuable piece of advice you have received in your role?
Be courageous. Have the courage to ask the tough questions; have the courage to do the audits people don’t want you to do; and have the courage to share the difficult messages at the end of an audit that you sometimes have to convey.
More broadly, it is about being willing to try different roles. Don’t box yourself into one role or area of the business, but try different roles that add to your skillset and help you grow as an individual. Recognise what transferable skills you have and build on those.