5 Highlights from IIA GAM 2021

The IIA's General Audit Management (GAM) Conference 2019 was in Dallas, Texas. IIA GAM 2020 was held in Las Vegas, right before the brunt of the pandemic swept the country. This year? Like most everything else, GAM was held in the comfort of your office or kitchen table.

While the physical environs may have been familiar, the fire-hose blast of incredible internal audit education most certainly was not. 

Here’s a quick rundown of five highlights from this year’s IIA GAM conference.

1. Risk is thicker than blood

Elizabeth Holmes, disgraced leader of Theranos and subject of umpteen documentaries and books over the past few years, is as close to a poster child for corporate risk if there was one. John Carreyrou, author of “The Rise and Fall of Theranos” and IIA GAM keynote speaker, knows that full well.

While Theranos is undoubtedly a worst-case scenario, there are still lessons to be applied to internal audit practitioners—often the front lines of financial misdoings throughout organizations. Carreyrou broke the story about Theranos’ finances and shady product to the Wall Street Journal.

Carreyou’s point: you’ve got the broadest financial picture of the organization. Keep an eye out for fraud.

2. 2020s re-envisioned: Plan, respond, recover

In his session, “OnRisk 2021: A Guide to Understanding, Aligning and Optimizing Risk,” Harold Silverman of the IIA gave a rundown of the report of the same name. The report revealed that business continuity planning (BCP) and cybersecurity were the top two most relevant risks for the Board and management. No surprises there, but it was interesting to note the difference of opinions between different roles—87% of board members and 93% of CAEs rated BCP as highly or extremely relevant, compared to 63% of C-suite. Meanwhile, 90% of CAEs and 73% of C-suite rated cybersecurity as highly or extremely relevant.

The OnRisk report, a supplement to Harold’s conversation, is the only report to bring together perspectives from the boardroom, C-suite, and internal audit—and is a free download on The IIA’s website. 

Also, Robert Berry of ThatAuditGuy.com gave his take on making remote auditing work. One key tip for enhancing your audit work: communicate, then communicate more.

3. Managing data and leveraging technology

This session track was all about the world’s most powerful resource: data.

The session “Aligning Your IT Audits With Leadership's Cybersecurity Questions,” held by Lucas Morris of Crowe LLP offered some practical advice for audit pros trying to make their voices heard by executive leadership. (Who—as we have likely all experienced—might not “get it.”)

Workiva’s own Ernest Anunciacion took SOX testing down to the studs in his session, “HGTV for Internal Audit: A Case Study for Renovating SOX Testing,” presented alongside Bill Hatcher of Clearview Group. 

4. Keeping pace with the velocity of risk

A common theme from this year’s IIA GAM was simply keeping up with everything that’s changed over the last year or so. (Remember how last year’s conference was in Vegas, and now we’re at home, again? Sigh.)

One interesting session from this year’s IIA GAM changed the perspective on how teams look at internal audit based on their size. In her session, “Small Audit Functions: Conforming With the Standards,” Monica Moyer Kessel, Director of Internal Audit at Saint Leo University, gave advice for short-handed teams looking to do big-picture work.

5. Rising from a crisis and fostering resilient teams

As we look to put the past year or so behind us and move on to better things, encouraging resilience among teams is critical for internal audit leaders. Hence, this track.

Carrie Summerlin, VP of the Internal Audit Foundation, alongside Michael Schor and Neil White of Deloitte, offered some great advice for leaders through the IIA’s Internal Audit Competency Framework. The framework provides a clear and concise professional development plan for internal auditors at every level of their career—exactly what practitioners need to thrive in years and months to come.