In the latest of our conversations with compliance and governance executives, we catch up with Richard Chambers, newly elected president of the Institute of Internal Auditors. In January 2009, the IIA elected Chambers to assume the position of the global professional association’s president. He succeeds David Richards, who retired after serving as president since 2004. Compliance Week caught up with him to chat about his new role as IIA president, what internal auditors’ role should be in the current market, and much more. Readers can also visit our archive of Q&A interviews.



Richard Chambers began his career in 1976 with the U.S. General Accounting Office, where he first became an internal auditor. He established himself in government internal auditing and was named worldwide director of internal review for the U.S. Army in 1993. He later served as deputy inspector general for the U.S. Postal Service and inspector general for the Tennessee Valley Authority.

In 2001, Chambers joined the IIA staff as vice president of the learning center. After a brief tenure as acting president, he left the IIA in 2004 to join PricewaterhouseCoopers, where he most recently served as national practice leader of internal audit advisory services.

Chambers has served on numerous boards and panels, including the U.S. President’s Council on Integrity and Efficiency, the City of Orlando Audit Board, and the IIA’s Internal Audit Standards Board.

Click here to see more information available on Richard Chambers’ blog.



The Institute of Internal Auditors


Altamonte Springs, FL


Professional Organization

’07 Revenue

$11.1 million

What are your top two or three priorities as president?

First would be to help the profession help stakeholders identify what the profession can do in terms of how it can add value. In the course of doing that, I also want to really focus on making the IIA relevant for big corporate audit groups globally, particularly here in the United States, because so many corporate audit groups right now are facing some rather challenging times in terms of how they add value in their organizations.

How does internal audit help them through this? Certainly, we see opportunities … to identify the effectiveness of risk management. But what I typically see in an environment like this is that companies are trying to figure out how to maintain costs and how to make sure they’re operating effectively in a declining market. These are areas where I think internal audit has the ability to assist, but hasn’t been called on to do so in recent years, because, frankly, that climate hasn’t existed.

The financial crisis touches on accounting issues quite a bit. Did poor internal auditing play a role here? What role can IA play in sorting out this mess?

One lesson that has come out of this crisis, from the standpoint of where I’ve seen it evolve, is that there has clearly been rather spectacular failures in risk management out there in the corporate sector. And I believe that internal audit in many corporate organizations is uniquely positioned to provide independent assurance on how effective risk-management systems are. I hope that would be what we learn from the recent challenges that we face.

Where does internal audit go now? It needs to focus on where the risks of the organization are. That’s the one common thread that runs through the evolution of internal audit. Effective internal audit departments are those that can stay focused on where the real risks of their enterprise are. Right now, risks to enterprises are largely about whether they even know what their risks are.

We hear that the IIA has released guidance on adopting International Financial Reporting Standards, as well as guidance on XBRL. Tell me about these.

We don’t believe that internal auditors should take on a management’s responsibility. Implementing XBRL, implementing IFRS—those, from our perspective, are not an internal audit role.

Where internal audit can be of real value in both of those areas is … to be able to step back, look at what management’s plan is, look at whether they have the adequate resources to implement the plan, and then as it’s ongoing, be able to provide assurance on how well the plan is being executed, and look at whether there are any risks that are not being mitigated.

Small companies are complying with Section 404 for the first time: Do you think it’s going to be rough sailing this year and next?

My advice to the internal audit function in a smaller company that’s getting ready to implement this is to benchmark the experiences and talk with counterparts who have headed up company or internal audit functions, where companies have already had to implement 404. There were a lot of very valuable lessons learned, and I think that would make the process go much more smoothly.

404 is a complex and challenging piece of legislation for a lot of companies to conform to, but … many of them have indicated that they’ve come out of it much better off for having gone through it, and I would suspect that the smaller companies will, too.

Give us one example of where an internal auditor could maintain, or even improve, his department’s function when budgets are getting squeezed.

My first advice to any internal audit department that’s finding itself with a reduced budget … is to continue to keep your focus on the risks in your company. It’s easy to start cutting audits out of an audit plan and say, “Well, I’ve got two fewer auditors. I can’t do this audit, or I can’t do this audit.” But my advice is to always go back to your original risk assessment, and make sure you are still addressing the most significant risks your company faces.

The other thing I advise internal audits to do as they’re being downsized, or if their budgets are being reduced, is to really, fundamentally look back at how they do their work. They really need to look at their own internal processes and try to streamline those processes, leverage technology and become as sufficient as carrying out their audits as possible.

What attracted you to this profession, anyway?

I think it’s a profession that still offers some exciting and rewarding opportunities. It’s one of the few professions that somebody can go into and not feel like every day is going to look like the day before. There are always new challenges. You can find yourself auditing a complex business unit one day, and perhaps a financial issue the following day. There is always diversity.

What’s the biggest change to the profession you’ve seen over your career?

In terms of the biggest change, I really have to say it’s twofold. It’s the degree of reliance on technology; when I became an auditor in 1975, we didn’t have anything approaching anywhere near the technology that a typical auditor has at their fingertips today, and I think that’s made a typical internal auditor far more powerful. The other thing is there’s been a much greater understanding of risk and how you allocate your priorities and resources on the basis of risk. I think those are both very important.

I would also add one other: I think auditors have become much more serious about quality over the course of those 30+ years. We now have in the profession standards that mandate quality assurance and external quality assessment at least every five years. I think that’s been a real indication of how far we’ve come in terms of pursuit of quality.

What advice for members of a profession who are facing such a challenging workplace right now?

My advice is very simple: Make yourself distinctive and make yourself very competitive among your peers. That involves really going back and looking at whether you have demonstrated your confidence in the profession through certification, maintaining your currency in the issues, and trends that are going on in the profession, keeping your continuing professional education as a high priority. These are all things that are going to make you distinctive and much more competitive in a much tighter market for internal auditors.

Invariably, I think we come out of these periods of dynamic change stronger as a profession. Again, my advice is don’t panic. Simply step up and help those with whom you work with define where you can add the most value right now.