Connect with us

Accounting

IIA CEO looks ahead as internal audit expands globally

Published

on

Anthony Pugliese, president and CEO of the Institute of Internal Auditors, is traveling the world as his organization expands globally, while laying the groundwork for priorities in the decade ahead.

The IIA released its Vision 2035 report at its international conference in Washington, D.C. in July. Pugliese wants to ensure the internal audit profession is where it should be by 2035. 

“There are a lot of misconceptions about what internal audit is,” he told Accounting Today. “The current perceptions do not align with what the profession actually does.”

pugliese-anthony-iia-gam-conference-2022.jpg

Institute of Internal Auditors president and CEO Anthony Pugliese speaking at the IIA’s General Audit Management conference in Las Vegas

The report points to the need for internal auditors to embrace advanced technology. “We can see our members all basically think technology is critical, but we’re not seeing the kind of uptake that would actually demonstrate that we’re going to be known for being technology savvy,” said Pugliese. 

The report recommends internal auditors need to expand the entire scope of the work they’re doing. That aligns with a separate set of Risk in Focus studies that the IIA issued in September. “We don’t want to be only Sarbanes-Oxley or just internal controls over financial reporting, but we want to be known for these other things that a lot of our members are already doing,” said Pugliese. “Expansion of scope is important.”

Other priorities include connecting internal audit with the strategy of a company as well as growing the pipeline of internal auditors.

“When we position internal audit in front of a bunch of accounting students, the reaction is actually really positive,” said Pugliese. “They see it as a completely different path, and one that doesn’t carry the reputation negatively of public accounting, which I think they’re trying to get away from. Actually we’ve seen a lot of students get excited by the fact that they can become internal auditors and still work for a big firm. So the two can actually co-exist on their resume, on their CV, and that’s really attractive.”

Internal auditors have increasingly become fraud fighters. “We found out in our Vision project that more and more internal auditors are becoming responsible for functions other than internal audit,” said Pugliese. “What we’re seeing now is that they’re moving functions like compliance or fraud into internal audit’s bailiwick.”

Pugliese is seeing growing interest in climate change and sustainability risks. 

“Last year, in 2023 our members around the world rated climate change sustainability reporting as the 14th most prevalent risk, and then this year, it moved to 13,” he said. “But in three years, our members predict it’ll be either four or five.”

The IIA released its updated Global Internal Audit Standards in January 2024 and they are set to take effect in January 2025, going deeper now on individual topics. “We started a big project that we call topical requirements, which is the first time we’ve actually started to require minimum levels of work to be done before an internal auditor can issue an assurance level opinion on certain topics,” said Pugliese. “The first one out of the gate is cyber. We think of it as a cyber standard. They have to follow it as members, but it was really because the area is somewhat mature. Cyber issues have been around since the late 1990s, early 2000s, and it’s a mature topic, but one that’s getting more and more risky over time. I think AI made that worse, so the need for standards is to ensure we’ve got a minimum level of performance occurring anywhere in the world.”

The IIA has been releasing tools to help internal auditors adjust to the updated standards. “Getting ready for the standards has been a big deal for us,” said Pugliese. “We’ve been releasing tool after tool after tool, some free, some we charge for, because the world that relies on internal audit is affected as well.”

The IIA is seeing more demand for such material as the organization expands globally. “You could pick up an internal auditor’s opinion on cyber and it would carry the same weight in Africa as it would in Latin America or North America, that there could be a level of reliance, and that’s because of all of our advocacy work, that we felt that was important,” said Pugliese. “We get out there and tell governments, you can rely on internal auditors to help you do some of this work. Having a standard around topics is not very unusual in the accounting world, but it is in the internal audit world.”

The IIA has been growing and has now crossed the 250,000-member mark. “We’ll end up this year probably at 255,000 with a lot of growth occurring in Asia and the Middle East, which is great,” said Pugliese. “We really didn’t have a strong market in the Middle East even five years ago, so we’re happy about that.”

He has been finding growing interest in Saudi Arabia, Oman and other Gulf countries, as well as parts of Asia like China and Japan. The Saudi Minister of Audit sits on the IIA’s global board.

“When they give out awards to say this is the best internal audit team of the year, or the most innovative team of the year, it’s a really big deal,” said Pugliese. 

He noted that many countries around the world have what they call Supreme Audit Institutions, SAIs, and there’s an association for these Supreme Audit Institutions known as INTOSAI, the International Organization of Supreme Audit Institutions. The IIA has been getting more involved in such groups.

In the U.S., the IIA has also been working more closely with the Public Company Accounting Oversight Board after clashing last year over some parts of the PCAOB’s confirmation standard that seemed to unfairly blame internal auditors. “The standard basically stated that external audit should control the entire process, and the example they gave was that because employees like internal auditors would be more apt to change the confirmation,” said Pugliese. “We asked for what data supported that in the United States or anywhere else in the world, and we realized that they were unable to produce any data to support that.”

The IIA started a letter-writing campaign and met with four of the PCAOB’s board members, including a former internal auditor, Christina Ho. Eventually the objectionable section was deleted in the final version of the standard, and the PCAOB even apologized in the disposition of comments.

“You couldn’t ask for a better outcome,” said Pugliese. “It was no disrespect, no harm intended. But, because of that, we started a relationship and now, when they call and they want to have a really solid task force on any given topic, they’ll reach out to us for an internal auditor, and that really is nice. So it was kind of lemonade out of lemons as a result of that, but it was not a fun process to go up against the PCAOB.”

The IIA started its own political action committee last year and plans to do more advocacy work in the U.S. and abroad. “We’re introducing some advanced advocacy strategies next year to start lobbying national governments outside of the United States,” said Pugliese. “They’re not quite used to the system that we have in place, where you hire people in Washington, and they target the right people setting laws that are relevant to you, and you go talk to them, and hopefully you get an output. This is very different. We’re doing it in Africa and we’re trying to make sure that their advocacy needs are met. We’ll probably have one in the Middle East, which is very unusual, but that’s more of an informing function for the countries that are more monarchy based. You don’t typically lobby a monarchy. In Latin America as well, we’re going to start lobbying those governments to more adequately recognize what internal audit does.”

Continue Reading

Accounting

IAASB tweaks standards on working with outside experts

Published

on

The International Auditing and Assurance Standards Board is proposing to tailor some of its standards to align with recent additions to the International Ethics Standards Board for Accountants’ International Code of Ethics for Professional Accountants when it comes to using the work of an external expert.

The proposed narrow-scope amendments involve minor changes to several IAASB standards:

  • ISA 620, Using the Work of an Auditor’s Expert;
  • ISRE 2400 (Revised), Engagements to Review Historical Financial Statements;
  • ISAE 3000 (Revised), Assurance Engagements Other than Audits or Reviews of Historical Financial Information;
  • ISRS 4400 (Revised), Agreed-upon Procedures Engagements.

The IAASB is asking for comments via a digital response template that can be found on the IAASB website by July 24, 2025.

In December 2023, the IESBA approved an exposure draft for proposed revisions to the IESBA’s Code of Ethics related to using the work of an external expert. The proposals included three new sections to the Code of Ethics, including provisions for professional accountants in public practice; professional accountants in business and sustainability assurance practitioners. The IESBA approved the provisions on using the work of an external expert at its December 2024 meeting, establishing an ethical framework to guide accountants and sustainability assurance practitioners in evaluating whether an external expert has the necessary competence, capabilities and objectivity to use their work, as well as provisions on applying the Ethics Code’s conceptual framework when using the work of an outside expert.  

Continue Reading

Accounting

Tariffs will hit low-income Americans harder than richest, report says

Published

on

President Donald Trump’s tariffs would effectively cause a tax increase for low-income families that is more than three times higher than what wealthier Americans would pay, according to an analysis from the Institute on Taxation and Economic Policy.

The report from the progressive think tank outlined the outcomes for Americans of all backgrounds if the tariffs currently in effect remain in place next year. Those making $28,600 or less would have to spend 6.2% more of their income due to higher prices, while the richest Americans with income of at least $914,900 are expected to spend 1.7% more. Middle-income families making between $55,100 and $94,100 would pay 5% more of their earnings. 

Trump has imposed the steepest U.S. duties in more than a century, including a 145% tariff on many products from China, a 25% rate on most imports from Canada and Mexico, duties on some sectors such as steel and aluminum and a baseline 10% tariff on the rest of the country’s trading partners. He suspended higher, customized tariffs on most countries for 90 days.

Economists have warned that costs from tariff increases would ultimately be passed on to U.S. consumers. And while prices will rise for everyone, lower-income families are expected to lose a larger portion of their budgets because they tend to spend more of their earnings on goods, including food and other necessities, compared to wealthier individuals.

Food prices could rise by 2.6% in the short run due to tariffs, according to an estimate from the Yale Budget Lab. Among all goods impacted, consumers are expected to face the steepest price hikes for clothing at 64%, the report showed. 

The Yale Budget Lab projected that the tariffs would result in a loss of $4,700 a year on average for American households.

Continue Reading

Accounting

At Schellman, AI reshapes a firm’s staffing needs

Published

on

Artificial intelligence is just getting started in the accounting world, but it is already helping firms like technology specialist Schellman do more things with fewer people, allowing the firm to scale back hiring and reduce headcount in certain areas through natural attrition. 

Schellman CEO Avani Desai said there have definitely been some shifts in headcount at the Top 100 Firm, though she stressed it was nothing dramatic, as it mostly reflects natural attrition combined with being more selective with hiring. She said the firm has already made an internal decision to not reduce headcount in force, as that just indicates they didn’t hire properly the first time. 

“It hasn’t been about reducing roles but evolving how we do work, so there wasn’t one specific date where we ‘started’ the reduction. It’s been more case by case. We’ve held back on refilling certain roles when we saw opportunities to streamline, especially with the use of new technologies like AI,” she said. 

One area where the firm has found such opportunities has been in the testing of certain cybersecurity controls, particularly within the SOC framework. The firm examined all the controls it tests on the service side and asked which ones require human judgment or deep expertise. The answer was a lot of them. But for the ones that don’t, AI algorithms have been able to significantly lighten the load. 

“[If] we don’t refill a role, it’s because the need actually has changed, or the process has improved so significantly [that] the workload is lighter or shared across the smarter system. So that’s what’s happening,” said Desai. 

Outside of client services like SOC control testing and reporting, the firm has found efficiencies in administrative functions as well as certain internal operational processes. On the latter point, Desai noted that Schellman’s engineers, including the chief information officer, have been using AI to help develop code, which means they’re not relying as much on outside expertise on the internal service delivery side of things. There are still people in the development process, but their roles are changing: They’re writing less code, and doing more reviewing of code before it gets pushed into production, saving time and creating efficiencies. 

“The best way for me to say this is, to us, this has been intentional. We paused hiring in a few areas where we saw overlaps, where technology was really working,” said Desai.

However, even in an age awash with AI, Schellman acknowledges there are certain jobs that need a human, at least for now. For example, the firm does assessments for the FedRAMP program, which is needed for cloud service providers to contract with certain government agencies. These assessments, even in the most stable of times, can be long and complex engagements, to say nothing of the less predictable nature of the current government. As such, it does not make as much sense to reduce human staff in this area. 

“The way it is right now for us to do FedRAMP engagements, it’s a very manual process. There’s a lot of back and forth between us and a third party, the government, and we don’t see a lot of overall application or technology help… We’re in the federal space and you can imagine, [with] what’s going on right now, there’s a big changing market condition for clients and their pricing pressure,” said Desai. 

As Schellman reduces staff levels in some places, it is increasing them in others. Desai said the firm is actively hiring in certain areas. In particular, it’s adding staff in technical cybersecurity (e.g., penetration testers), the aforementioned FedRAMP engagements, AI assessment (in line with recently becoming an ISO 42001 certification body) and in some client-facing roles like marketing and sales. 

“So, to me, this isn’t about doing more with less … It’s about doing more of the right things with the right people,” said Desai. 

While these moves have resulted in savings, she said that was never really the point, so whatever the firm has saved from staffing efficiencies it has reinvested in its tech stack to build its service line further. When asked for an example, she said the firm would like to focus more on penetration testing by building a SaaS tool for it. While Schellman has a proof of concept developed, she noted it would take a lot of money and time to deploy a full solution — both of which the firm now has more of because of its efficiency moves. 

“What is the ‘why’ behind these decisions? The ‘why’ for us isn’t what I think you traditionally see, which is ‘We need to get profitability high. We need to have less people do more things.’ That’s not what it is like,” said Desai. “I want to be able to focus on quality. And the only way I think I can focus on quality is if my people are not focusing on things that don’t matter … I feel like I’m in a much better place because the smart people that I’ve hired are working on the riskiest and most complicated things.”

Continue Reading

Trending