That is what the late and great Bill Bishop used to say when he was the president of the IIA. He would roll up his shirt sleeve and tell everybody he had a tattoo of internal auditing.
It’s in my blood too, although I have no tattoos.
Compared to some, I came to internal auditing late in my career after ten years in public accounting. I also had a five-year spell as a vice president in IT and have spent a lot of time focused on enterprise risk management.
But internal auditing is most definitely in my blood, and spending decades as a CAE was more fun than work.
Last week, I did something rash and unprofessional.
When the CEO and President of the IIA trumpeted on LinkedIn the release of a draft Topical Requirement on Evaluating and Assessing Third-Party Governance, Risk Management, and Control Processes, I immediately checked it out.
It is short, just four pages long including nearly a page about Topical Requirements (TRs) in general.
My reaction to it was frustration, even anger.
It, in my humble opinion, is severely lacking and should not have been released.
I tried to reach a good friend at the IIA to tell them of my alarm but was not able to get through. Then I saw that the accounting media was already announcing the release.
I shrugged inside and went back to Anthony…
