A Day in the Life of an Internal Auditor by Guest Blogger Marylyn Byrd, CPAPosted: November 19, 2018
When I got the chance to enter the internal auditing world with our local university (my alma mater) and colleges, I jumped on it. In my mind, I remember thinking it would be just like external auditing, but with less hours and a more family friendly schedule. As a working mom, having good work-life balance is crucial. I wouldn’t say any day since I started internal auditing is a typical day. Every day is different. To be successful in this profession, you must be comfortable with priorities constantly changing.
In our office, we have a team of five internal and IT auditors who are responsible for four campuses. We perform legislatively required audits, risk-based audits (both financial and compliance), investigations, ongoing risk assessments, special projects for management and we assist external auditors coming in. Below is an example of what one of my days may look like, but remember every day is different.
I just arrived at work and breathe a sigh of relief as I’ve successfully gotten my two young sons off to two different schools and made it to the office on time. Most people would put on the coffee to brew, but I’m not a coffee drinker. I say good morning to my coworkers, sit down at my computer, and start going through any emails and voicemails I’ve received.
I’m done responding to emails and voicemails and start on an audit. The work for this audit could include any number of things, including completing or reviewing workpapers, reading laws, policies and/or procedures, writing or reviewing audit reports, completing fieldwork, doing data analytics, making phone calls, sending emails requesting documentation, etc.
I receive a call from management indicating a concern that fraud may be occurring in a certain area. After obtaining the relevant details, I put my audit work to the side and lock it up, then head out to campus to meet with the person voicing the concern. If needed, I schedule additional interviews with any relevant party who has information on the concern. Our team then launches an investigation if we determine there is a need. These investigations are highly confidential and on a need-to-know basis. Investigations move very quickly at first, but then slow down as we get into the detail. Typically, when we have an investigation, depending on the nature of it, we will notify the president of the university or college, as well as the campus police chief. If we need to get data from an employee’s computer or email account, we get authority from the ISO to do so.
Our team has gotten approval to take images of an employee’s laptop. We head over to their office (while they are away at lunch) and use our tools to take an image of it. We head back to the office and use our forensic tool to target specific codewords or topics to help search through all of the files and/or emails on their computer. The forensic tool is time consuming, so once we start that running, we head back to our office to prepare workpapers of the interview that has taken place. Our IT auditors now create a new project file on our server and I set up the project in our audit workpaper system.
I head to lunch. Yes, I’m back to getting an entire hour lunch (most days) and it is amazing!
I’m back in my office. I’ve done all I can do on the investigation. The forensic tool is still working, so now I’m back to the audit I was working on this morning.
I get a phone call from management asking me to sit in on a last-minute meeting with an external auditor. I head to campus for the meeting.
I’m back at my office and my boss calls the team together for a team meeting. We go over all our projects that we are currently working on and then brainstorm on the new investigation and what we think our approach will be, as well as begin to assess the risks the university or college is facing.
I’m done for the day. I head out to pick my boys up from school and move on to my favorite activity – 1st grade homework! I’m completely exaggerating on my excitement level.
Every day is different and can be more or less eventful than the day described above, especially during risk assessment time in the summer when we are working on our audit plan for the next year. During that time, we have three or four meetings per day across the campuses and I’m still working on my other audits and projects.
Key Takeaways from My Time as an Internal Auditor
- Internal auditors need good people and communication skills. You will be working with individuals who serve in different departments and come from various backgrounds. You are in and out of meetings, on phone calls, sending emails, and constantly interacting with a wide variety of individuals.
- Internal auditors must always be ready to ask questions and more questions and more questions. You also have to anticipate what your Board (or whoever you report to) is going to ask you.
- Internal auditors must be knowledgeable of every aspect of an organization, not just the financial or compliance side.
- Some people still tend to view us as the enemy or the “gotcha police” even though we are internal. It’s the stigma that comes with the auditor title. Once employees realize the value of your department, you become a trusted advisor and resource.
- In my case, internal auditing has allowed me to continue doing what I love (auditing of any sort) without working tons of extra hours. It’s a great choice for your career and your work-life balance.
Marylyn Byrd, CPA, is an internal auditor with the Texas State University System responsible for the four Lamar components – Lamar University, Lamar Institute of Technology, Lamar State College – Port Arthur and Lamar State College – Orange. Byrd is a member of TSCPA’s Board of Directors and former president of the Southeast Texas Chapter.